Ransomware Attack – what it is and what to do if you are hit
Vlad Botic

OK yes… it’s true that we haven’t had another WannaCry-scale ransomware attack in the past 12-18 months, but that doesn’t mean that ransomware has gone away. In fact, new ransomware attacks are still being launched every day and are becoming increasingly sophisticated. We can certainly talk to you about how to reduce the risk of a ransomware attack being successful, but today we wanted to share our thoughts on what to do in the event that you are attacked:

What is it?

Ransomware is a form of malicious software or malware (a blanket term for viruses, worms, trojans, and other harmful computer programs) that infects a machine, device or network (as was the case with WannaCry) and encrypts its data so the user can no longer access it.

Cyber criminals will demand a ransom from the victim, usually in the form of a popular cryptocurrency such as bitcoin, saying they will only restore access to the data upon payment. Sometimes, even after the ransom is paid, the files remain encrypted – this is known as ‘wiper’ malware.

How do you know if you’ve been attacked?

A ransomware attack usually manifests itself firstly by users not being able to access files and secondly by a pop-up ransom note or wallpaper graphic displayed on screen.

Email phishing, via massive spam or sometimes targeted campaigns, is one of the top methods cyber criminals use to induce malicious activity. The ‘malware’ is usually contained within an email, in the form of a disguised URL or seemingly benign attachment, and it takes just one click for the ransomware to immediately take hold.

What should you do if you’re hit?

Whatever you do, do not pay the ransom as it encourages scammers to continue their criminal activity. We would always advise using experts to help recover your files but there are a few steps you can take initially to help stop any viruses from spreading:

  • Disconnect your computer from any others, and from external drives. If you’re on a network, go offline to prevent the ransomware spreading to other devices on your local network or to file-syncing services such as Dropbox.

  • Take a photograph of the ransom note presented on your screen and/or a screenshot if you are able to, to assist with any police investigations into the attack.

  • Use antivirus or anti-malware software to clean the ransomware from the machine. Removing the ransomware will not decrypt your files but it will help prevent encryption of more files.

  • If you use a managed security service or virtual security team, then contact them immediately – if anyone is able to help recover your files, they are the best placed to do so.

Worried about ransomware affecting your business? The RANt Group can help you put the steps in place to help reduce your operational risk.

RANt is a London based security consultancy. We make sure your business and shareholders are protected from data leaks, by working with your business and team.