Mobile Menu
Back to Blog

Recovering from Ransomware

Cybersecurity Association of Maryland, Inc.
Original post by Alyssa Richarts | January 30 2019
Ransomware attacks are prevalent across all industries making them one of today’s top cyber threat. They can infect systems in countless ways with the most popular delivery method being phishing. Once your system has been infected with ransomware, especially if networked, the impact to your system, data, and network are almost limitless. In 2018, this type of attack resulted in costs over $8 billion and will only continue to get worse if proper steps to protect your network are not addressed and implemented.

What is Ransomware?

Ransomware is malicious software, also known as malware, that locks down your data by encrypting it and denying access until a specified amount is paid to the attacker. Typically, the attacker will instruct the user to pay the ransom amount and a decryption key will be provided to recover the locked data. However, sometimes the attacker cannot decrypt the data, resulting in lost information.

Be Prepared:

With this type of cyber threat being one of the largest within the business world, all organizations big and small can be a potential target. It is essential for organizations to have a plan in place in the event this type of incident occurs. Having a playbook or plan in place can reduce the damage and impact on major systems by ensuring all personnel are on the same page with the proper steps in mind.

What’s the Plan?

  1. Know what to look for: You may notice your data is inaccessible or a dialog window mentions that your data has been “encrypted” and a note is present asking for a specific amount of money. This is a sign of a ransomware attack.
  2. Isolate the affected system: If connected to a network, the software could propagate throughout the network; it is advised to disconnect the machine(s) from the network immediately. With that in mind, it is important to keep your computer powered on so that forensic information that could be used to investigate the attack is not lost.
  3. Take a photo of the ransom note: It is important for investigators to have access to the ransom note as they may be able to pick up on specific verbiage that leads them to the attacker based on past attacks.
  4. Contact your supervisor and security administrator: You cannot solve this problem alone;  your supervisor and information security team will know how to contain and minimize the problem and protect the network/data.  
  5. Be proactive: To prevent this from happening again, keep your computer security software up to date, always verify the URL of the website you are visiting, and never run untrusted programs on your system.

By following the aforementioned steps, you can be prepared and informed if you are ever faced with a ransomware attack.