Cyber Security 201: Identifying & Responding to Encrypting Ransomware Attacks

Last post, we discussed what encrypting ransomware is and how to prevent an attack on your device. While we are KINETIC are all about prevention, we acknowledge that hackers are very good at what they do, so it is also critical for you to be able to identify if you have been attacked and respond appropriately.

HOW DO I KNOW IF I’VE BEEN ATTACKED?

Since hackers are very good at what they do, typically ransomware attacks are pretty silent. However there are a few signs that can serve as red flags you have been infected:

  • Document Notification: you open a document and it tells you it has been infected
  • Delayed Response: your machine starts running slow for no apparent reason
  • Unexplained Document: you notice a file on your desktop that wasn’t there before and you didn’t save or upload yourself.
  • Locked Documents: your images, files & data are all of a sudden encrypted and you are not able to open them. You may also frequently see a popup screen asking you to pay a ransom or face deletion of your files.

WHAT DO I DO?

Too many of us have been there – we realize something is wrong with our computer and we look at the person next to us paralyzed with anxiety, asking, “What do I do?!” As one Boston-based identity theft expert observed, “There is nothing worse in the field of technology than having a criminal in control of your network. When a ransomware attack occurs, it can easily elevate from a potential data loss, to potential identity theft, to a data breach in the form of extortion.”

While we hope this never happens to you, here are the three steps to take if it does:

  1. Turn your machine off.
  2. Unplug it from the internet/your network. Disconnecting from your network will help prevent personal or other sensitive data stored on the network from being transmitted back to the attackers. It will also prevent the infection from spreading to other computers in your network.
  3. Call someone in IT ASAP to scan your PC and the network. This is where back ups can help! If you have properly backed up your data, you or your IT service provider can help you re-install applications and start fresh. Steve Grobman, Chief Technology Officer of Intel’s Security Group emphasizes, “It is really critical that everyone, regardless of whether you are a consumer, a small business or a large business, sets up backups in such a way that they are separate from your computer. So if you are hit by ransomware you are able to get data back without paying the ransom.”
  4. Alert authorities. While the local police are likely not equipped to deal with a ransomware attack, the local FBI will want to know about it.

And the one thing you must not do? Be tempted to give in and pay a ransom. This will most likely not release your information and, in most cases, only leads to further extortion.