What Now? What to Do in a Ransomware Attack

In a recent blog, we talked about what to do if you’ve accidentally downloaded malware to your computer. As we mentioned, most malware is sneaky, running in the background as it does its evil work. But ransomware is in-your-face, the highway robber of the malware world. Ransomware will encrypt your files, shut down your computer, and then demand a ransom if you ever want to see your precious data again. With the clock ticking, what can you do to stop it?

Stopping an Attack in Progress

The sooner you notice a ransomware attack, the better chance you have of stopping it. When ransomware first arrives on your computer, it takes only seconds to begin locking files or taking control of the computer before demanding a ransom. You have minutes, at most, to limit the damage.

So be alert for these signs of a possible attack:

• Your computer is locking up.
• You can’t open or find documents or media files that were accessible before.
• You notice unfamiliar computer programs launching on their own.
• You hear the hard drive running constantly.

These signs could also signal other kinds of malware, but ransomware is an emergency, so don’t hesitate, take action right away! Because by the time your computer screen fills with threatening text or images, it may be too late to save your data. (Some ransomware is designed to just scare people into handing over money, but you can’t take that chance.)

At the first sign of ransomware, disconnect from the internet and, if possible, shut down your computer to halt the damage. Ransomware spreads through networks like wildfire, so if you’re on your home network, also tell everyone else on the network to disconnect immediately.

What you do to recover your data and clean your computer will depend on the type of ransomware, which you can research online. Unfortunately, you may have to wipe your computer hard drive, reinstall the software, then restore your data from backups.

Don’t Pay!

The one thing you should never do with ransomware, according to the FBI, is to pay the ransom— no matter how precious the data on your computer. There are several reasons not to give in. First, these are criminals and there is no guarantee that they’ll unlock the computer once they have the money. (In fact, some ransomware is also spyware, stealing personal information from your device for identity theft at the same time it’s holding you up for money.) Second, you’re going to have to wipe your device clean anyway, to ensure that the ransomware isn’t still lurking on it, waiting to stage another attack. Third, and equally important: paying the ransom encourages the criminals to keep staging new attacks.

Ransomware notes typically demand payment in bitcoin (“cryptocurrency) because the transactions can’t be traced. (Just like all those criminals on TV shows who use “burner” phones that can’t be traced.) The ransom notes will also give a time limit to pay, after which your files will supposedly be unrecoverable.

Stop It Before It Starts

Like other malware, the best way to stop ransomware is to prevent it, using good security software, awareness, and common sense.

• If you don’t have anti-virus software, get some.
• Install software updates promptly to your operating system, applications, and security software, so you have all the latest security patches.
• Think before you visit unknown websites or click on links in pop-up ads or in email. (Remember that 92 percent of malware is delivered through email.)

Have a Backup Plan

Scammers are ingenious at finding new ways past our defenses. In fact, experts predict that there will be a ransomware attack every 11 seconds in 2021, so there’s a fair chance you’ll face this situation someday. But if you have a safe, up-to-date copy of your computer’s hard drive, you’ll never be at the mercy of ransomware. There are loads of easy-to-use consumer backup options available: You can back up your computer to an external hard drive or use a cloud backup service, which also protects your data in case the device is damaged, lost, or stolen. Many data security experts recommend doing both local (hard drive) and cloud backups. Whatever you choose, back up your computer regularly and test periodically that backups are working and that you can restore data successfully from them.

Above All, Don’t Panic

The worst thing you can do in a ransomware attack is to panic. That’s why ransomware attacks happen so fast, so that criminals can scare people into paying. If you want to arm yourself with more knowledge to stay strong, you can read one of our other blogs about how ransomware works. But despite the fact that new types of ransomware crop up all the time, the answer to ransomware attacks is always the same: do your homework, do your backups, and stay strong.