It’s finally happened: One of your worst nightmares come true. As an Internet user, you’ve heard of ransomware before. Maybe you thought it only happened to massive corporations or rich individuals with plenty of assets to lose. Now, though, you’re sitting and staring at a co-opted screen that tells you to pay up or lose your files forever.
Even if you can afford it — and many people can’t — who wants to give up hundreds of thousands of dollars to a hacker that stole your machine? Ransomware payments average in the hundred-thousands. Even after all that, there remains the chance that paying up isn’t enough: Double extortion happens when a ransomware demand is then followed up by a second fee request, this time to prevent the hacker from leaking all that information they found on your computer. Even when it’s safely back in your hands, your data isn’t protected from public eye or hungry bidders on the Dark Web.
So what should you do when you find yourself facing down a ransomware demand?
Step 1: Isolate
Often, hackers will go for the device or account they can most easily capture and then work from there. Typically, you don’t keep your most confidential secrets on the most unprotected machine. Therefore the first step is to disconnect the infected machine from the rest of your network; otherwise the hacker may be able to compromise other local machines until they find something they can cash in on.
If your desktop computer gets breached, for example, then you should immediately power it down and unplug it. This will help keep your phone, tablet and other devices safe while you resolve the problem. Also disconnect from external drives that may automatically sync files, like Dropbox, to mitigate the risk of the attack spreading to your other connected devices, such as through an infected shared file.
Step 2: Call for Help
Depending on what machine experiences the issue, you may have different protocols that you’re expected to follow next. Your work computer, for example, likely requires notifying your IT team and the rest of your office. Meanwhile, an attack on your cell phone may only warrant a call to the authorities to report the incident.
If possible, take screenshots and pictures of the attack. Even though it doesn’t seem so important in the middle of the emergency, this evidence will help investigators later.
Step 3: Damage Control
Before taking steps against the hacker, try and recover everything that you can. This person wants your money, or to destroy or spread your files if you refuse. Get back what you can first.
If you have backup systems in place, now is the time to run them. If not, remember the importance of offsite and secure digital storage for next time. Run regular checks on your data storage system to guarantee that it can bring back files in a readable format, has no bugs and is working as expected throughout the year. You don’t want to find vulnerable exposure in your storage system for the first time in the middle of a serious cyber event, or realize that it’s spitting out unreadable file formats too late.
Step 4: Clean Up
Whatever antivirus programs you have at your disposal, now is the time to deploy them. Reboot to Safe Made if you can, as this will limit what you can do on your computer and therefore what hackers can do to you. Only the default settings and drivers will be available in Safe Mode, including softwares loaded onto the computer at startup. This will let you do what you need to without risking your other local devices too.
Do you have decryption tools available to you? If not, you can find some software that may be able to help break the ransomware encryption on your files and recover them.
If the above tips aren’t enough and you find yourself missing files or with a hole in your pocket, consider cyber-insurance. Cyber-insurance will helps you recoup any damages you may have to pay for after an attack. Different policies may offer benefits like helping get back files, paying for legal damages and shoring up your security posture for the future.
If you’re the victim of a ransomware attack, don’t panic, and certainly don’t pay up. More than 90% of ransomware victims who pay don’t get access to their files again. Even if you cough up the cash, you not get back any of your data anyway! Instead, take these steps for staying safe and recovering what you can after a ransomware attack.