Imagine a sailor, a veteran one. His King ordered him to sail through the breathtakingly beautiful Caribbean Sea, and that is exactly what he was doing. With the mesmerizing view all around he got carried away just a bit, and suddenly there was chaos on the deck. Pirates attacked the ship, there was no way of avoiding them, and within moments they had taken the sailor hostage. In the middle of nowhere, far away from home, the only way out left for him was to pay the ransom demanded by the pirates of the Caribbean!
Let's fast forward the scenario a few hundred years to 2020, the year of a new pandemic and the beginning of mass work-from-home schedules. You are now among those leading a team towards its goal. The ship is replaced by the team you lead, and the helm, the master instrument for steering the ship, is replaced by your PC. One fine morning you notice some irregularities on your computer, you try to address the problem and BOOM! A ransom message pops up!
It's the pirates again, with the same pernicious effect in digital form. Their aim is the same: to force you to pay a ransom, this time by infecting your computer with a ransom-demanding kind of malware, or simply put, ransomware!
Ransomware is designed to block user access to files or entire systems by encrypting them. The only way to access the encrypted data is with a decryption key known only to the attacker, who demands a ransom to provide it, hence the name ransomware.
If not approached cautiously, ransomware can wreak havoc across organizations as well as personal computers. This article is dedicated to the immediate actions that can mitigate the loss from a ransomware attack.
How does Ransomware work?
Ransomware usually gets in via a phishing email or a malicious website. Clicking a link in such an email or visiting such a website is enough to let the malware onto a machine. There are other ways, but these two are the most common. The attack typically starts on a single workstation and then makes its way to all connected machines. This first infected workstation is known in technical terms as the endpoint.
What's more alarming is that even once ransomware has reached the endpoint, it often goes undetected. It simply runs its course in the background, searching for new targets to encrypt: other files, other workstations, even backups! Only when it has hold of enough important files does it announce its presence by locking the data and demanding a ransom. These days attackers want the ransom paid in cryptocurrencies like Bitcoin so that the destination of the payment cannot easily be traced. They often set a deadline for the payment and threaten to destroy or permanently lock the encrypted files if the money is not paid in time!
What to Do Immediately?
If you happen to get the unwanted notice that your system has been encrypted by ransomware, do not panic. The first thing to do is to stay calm; panic has never brought out any solutions! There are some steps that should be taken in case of an attack. They do not necessarily have to be taken one after another; depending on the severity of the emergency, they may be carried out in parallel as well. The only aim is to mitigate the loss from the attack.
The first step after discovering any ransomware attack is to determine how deep the malware has spread its roots. It is always ideal to pinpoint patient zero, the initially infected endpoint, to understand how the malware got past the firewall in the first place. You need to determine the scale of the attack in order to decide on the response and mitigate the loss.
Once the identification is done, you need to isolate the affected machines immediately. For a single affected machine, cut the power if possible. Where one or only a few PCs have been breached, disconnecting those PCs and dealing with them individually might be enough.
However, for breaches across several systems or subnets, more significant action is required. You might consider taking the network offline at the switch level to stop the ransomware from spreading further. If taking the whole network offline is not an option, then at the very least unplug the identified devices from the network (Ethernet or Wi-Fi); that alone will help limit the damage.
Quarantining the malware together with the affected files is the most important step in reducing its effect. So, keeping the affected computers separate until the situation is under control is a must.
Communication & Mitigation
Keep communicating with your teammates over a secure channel. Based on the initial analysis, draw up a picture of what damage has already been done. This picture will get clearer over time as more information about the attack is gathered, but even the initial understanding will often improve the current situation and reduce the loss.
Also, an enterprise commonly has people working in cybersecurity. They should be notified as soon as possible in case of an attack like this. Depending on the emergency, engage all available internal and external resources to respond to the threat and recover from the loss.
Perform Backup & Restore
You should never delete the affected files. In fact, you should back up the isolated files in a secure place. There are a couple of reasons for that.
Firstly, there is always a chance of data loss during the decryption process. It is often reported that files do not work properly after decryption. The core reason is that many decryptors contain bugs. While some file formats are immune to those bugs, certainly not all are, and you never know which types of files you are dealing with. Having a backup of your infected system puts you on the safer side: even if some data is lost, you can always run the decryption process again from your backup.
Then there is the possibility of free decryption in the future. Technology is always evolving, and something that seems extraordinary today might be child's play in the near future. There are cases where ransomware authors were arrested or C&C servers were seized, which gave victims free decryption keys. So, if the data is not of great significance or value, just back it up and address it at a later time.
Finally, if you delete the files without a backup, you no longer have any potential evidence of the attack that might be useful to the authorities. Everyone working against malware, including law enforcement agencies, is always trying to gather as much information as possible on any specific ransomware.
Judging by the damage done and how badly and urgently you need the files recovered, you might consider paying the ransom. However, this is highly discouraged and should never be done at the outset, as there is no guarantee that, even after receiving the ransom, the bad guys will provide a working key, or that they will not simply demand more money! There have been cases where the ransom was paid and the attackers still damaged the encrypted files. Some sophisticated ransomware using advanced encryption algorithms is written in such a way that no decryption key exists for it yet. If you decide to spend your money, you had better spend it where results are guaranteed!
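One way to carry out the backup step above in a verifiable manner, as an added example that is not from the original post: a Python script that copies encrypted files and ransom notes into an evidence folder, keeps the originals untouched, and records a SHA-256 manifest so the copies can later be checked for integrity before a decryptor is run against them. The `.locked` extension and the note filename are constructed placeholders; real ransomware families use their own.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".locked"          # constructed placeholder extension
NOTE_NAMES = {"HOW_TO_DECRYPT.txt"}   # constructed placeholder ransom-note name

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def preserve_evidence(src_root, dest_root):
    """Copy every encrypted file and ransom note under src_root into dest_root
    (same relative layout) and return {relative_path: sha256}. Copy only; the
    originals stay untouched for later decryption attempts."""
    src_root, dest_root = Path(src_root), Path(dest_root)
    manifest = {}
    for path in sorted(src_root.rglob("*")):
        if not path.is_file() or (path.suffix != ENCRYPTED_SUFFIX
                                  and path.name not in NOTE_NAMES):
            continue
        rel = path.relative_to(src_root)
        target = dest_root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)  # copy2 keeps timestamps, useful for the timeline
        manifest[rel.as_posix()] = sha256_of(target)
    (dest_root / "manifest.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest

def verify_evidence(dest_root):
    """Re-hash the stored copies against manifest.json; return paths that no longer match."""
    dest_root = Path(dest_root)
    manifest = json.loads((dest_root / "manifest.json").read_text())
    return [rel for rel, digest in manifest.items() if sha256_of(dest_root / rel) != digest]

def demo():
    """Build a constructed sample tree (not real malware output) and run both steps."""
    base = Path(tempfile.mkdtemp())
    victim = base / "victim" / "docs"
    victim.mkdir(parents=True)
    (victim / "report.docx.locked").write_bytes(b"\x00\x11not-really-encrypted")
    (victim / "HOW_TO_DECRYPT.txt").write_text("pay us")
    (victim / "untouched.txt").write_text("not touched by the malware")
    manifest = preserve_evidence(base / "victim", base / "evidence")
    return manifest, verify_evidence(base / "evidence"), (victim / "report.docx.locked").exists()
```

Run `verify_evidence()` again before handing the folder to investigators or feeding it to a decryptor; a non-empty result means a copy has been altered since it was preserved.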
Is There Any Alternative?
As mentioned earlier, you should never consider paying the ransom right away. Chances are the hackers will simply take your money and never provide you with a decryption key! Instead, start by checking whether any free decryption tool is available. In some cases, free decryption keys have been made available by law enforcement agencies.
However, there is an old saying: prevention is better than cure. You need not go through all these tiresome moments and difficult times if the ransomware's entry is blocked in the first place. That is where antivirus or anti-malware software comes into play. REVE Antivirus stands tall among the alternatives, with reviews and recommendations from its users. You can always try the 1-month free trial to see whether it impresses you! Either way, we hope you keep your machine safe from any ransomware attack. In the unfortunate event of an attack, these tips will help you mitigate the loss.
The post Ransomware: Instant Steps to Reduce The Damage of An Attack appeared first on REVE Antivirus.