Ransomware

Prevention

  • Keep online backups of your data, and offline encrypted backups of critical data.

  • Do not click on links in spam messages or on unknown websites.

  • Do not give out personal information.

  • Do not open suspicious email attachments.

  • Never use unknown USB sticks.

  • Use VPN services on public Wi-Fi networks.

Detection

  • The antivirus scanner or security app sounds an alarm (unless it was not installed or has been bypassed).

  • File extensions change to an unfamiliar combination of letters.

  • File names change.

  • Increased CPU and disk activity.

  • Suspicious network communication (with the gangsters).

  • Encrypted files.

  • A window containing a ransom demand. A locker ransomware virus locks the entire screen, while crypto ransomware encrypts individual files.
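
A minimal sketch of two of the indicators listed above (unfamiliar file extensions and encrypted file contents), added here as an example and not part of the original page. The extension allow-list, the 7.5 bits-per-byte threshold and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: extensions considered familiar in this environment; adjust as needed.
KNOWN_EXTENSIONS = {".txt", ".docx", ".xlsx", ".pdf", ".jpg", ".png", ".csv"}
ENTROPY_THRESHOLD = 7.5  # assumed cut-off in bits per byte; ciphertext approaches 8.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def scan(root, sample_size=65536):
    """Return (relative path, reasons) for each file matching an indicator."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        reasons = []
        if path.suffix.lower() not in KNOWN_EXTENSIONS:
            reasons.append("unfamiliar extension")
        with path.open("rb") as fh:
            # Only the first sample_size bytes are read to keep the scan cheap.
            if shannon_entropy(fh.read(sample_size)) >= ENTROPY_THRESHOLD:
                reasons.append("high entropy")
        if reasons:
            findings.append((path.relative_to(root).as_posix(), reasons))
    return findings

def build_sample_tree(root):
    """Constructed sample data: two ordinary files and one that looks encrypted."""
    Path(root, "notes.txt").write_text("meeting notes\n" * 200)
    Path(root, "report.csv").write_text("id,value\n" + "1,2\n" * 500)
    # Random bytes stand in for ciphertext; ".qzxv" is a made-up extension.
    Path(root, "budget.xlsx.qzxv").write_bytes(os.urandom(65536))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for name, reasons in scan(tmp):
            print(f"{name}: {', '.join(reasons)}")
```

Compressed formats such as .jpg, .docx or .pdf also have high entropy, so both reasons appearing on the same file is a more useful signal than either one alone.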

Response

If you detect it before the ransom note is delivered, you may be able to stop it from spreading to other devices and files, and to remove it. Files already encrypted remain encrypted (of course you have a backup).

  • Disconnect from wireless and wired devices, external hard drives, storage media, and cloud accounts (to prevent it from spreading).

  • Scan with an AV scanner or security app (to identify the threat). In the case of screen-locking ransomware, you probably cannot get to the security software. Start the device in Safe Mode, and you might get to it.

  • Check the No More Ransom Project website for solutions.

  • Restore encrypted data from backup.