Ransomware: How to recover and get back on track

As we learned earlier, ransomware is one of the most common forms of cybercrime and one of the cyber threats most likely to affect Canadians. We already discussed how preventative measures and knowledge can help protect you and your organization from these threats, but let’s face it, there will always be that email that looks like it’s from your boss, or that website that looks like it’s advertising free appetizers at a local restaurant. Now, threat actors are using fear of COVID-19 to their advantage, and hoping we will click on items we would normally flag as suspicious. That could include anything from fake emails about government assistance to ads for scarce products.

What to do if you have been affected

No matter how prepared you are, cyber threats like ransomware are always a risk. It is important to know what to do if you fall victim to a ransomware attack.

  1. Isolate (disconnect and stop using) the device to prevent further infection within your network. If you are using a cloud service, contact the provider for further assistance.
  2. Try to identify the type of ransomware you are dealing with so that you can find out how to remove it. Some decryption tools can be found online, but one may not exist for every type of ransomware. If no such tool is available for your needs, you will need to reset the device back to its factory settings and erase all the data it contains. This is where backups come in handy.
  3. Once you are free of the ransomware, go back to the preventative tips discussed in the previous blog post to help prevent future attacks. Update and patch your system and anti-virus, anti-malware, and firewall software. Change your passwords for any accounts that you accessed on the previously infected device, as the threat actors responsible for the ransomware likely have copies of your account information.
  4. Contact your local law enforcement agency and the Canadian Anti-Fraud Centre. Working with these agencies promotes awareness and monitoring of subsequent ransomware infections, especially if this is the first time a specific ransomware is used.

It is important to understand that paying the ransom doesn’t mean you will recover your encrypted files. Even if they are recovered, a data breach still occurred, and copies of your files may now reside with the cyber threat actors. The decision to pay the requested ransom should be based on your own risk tolerance, and having to make it at all underlines the importance of frequent backups. Backups are cheaper than ransom.

Following the guidance and advice provided will help protect you, but it is not fail-safe. When it comes to cyber security, the adage “an ounce of prevention is worth a pound of cure” fits quite well. Stay aware. Practice constant vigilance. And be ready to recover if need be.
