Ransomware is a type of malware that, once installed on a system, encrypts data and prevents users from accessing it. This can happen on both client and server devices. Once the data is encrypted, the malicious actor demands a ransom to “unlock” it. The ransom can range from monetary payments, to cryptocurrency exchanges, to some other type of extortion, such as information. Ransomware is often detected when the encryption is complete and a threatening message appears on your screen stating the ransom demand. When preparing for or dealing with ransomware, here are some best practices to follow:
- Power down a device you believe is infected with ransomware. This will prevent malicious software from migrating to any other devices on the network.
- Contact the Information Technology Services Department if this is a work device, or your local law enforcement agency if it’s a personal device (e.g., a personal computer at your home).
- Do not engage with the malicious actor, regardless of whatever threats are made. Ransomware will often display urgent and threatening messages to try to convince you to comply with the actor’s demands without giving it too much thought. There is no guarantee that, once a ransom is paid, the malicious actor will restore your data, or that they haven’t already copied it for their own uses.
- Paying a ransom doesn’t prevent malicious actors from doing it to you all over again. Often, paying a ransom identifies you as “an easy mark” that they’ll try to take advantage of again.
- Maintain current and complete backups of important data. Restoring from a backup is often far easier and safer than paying a ransom.
- Keep all devices up to date, with proper malware/antivirus protections and system updates.
- Don’t engage with any “support” services from malicious actors. Pleading ignorance about what a “bitcoin” is isn’t going to get your data back, and dealing with these “services” is only going to cause more problems.
Dealing with ransomware often requires professional assistance from your IT department, local or federal law enforcement, or both. It’s best not to go it alone, and to seek assistance from these groups before dealing with these malicious actors on your own.