Ransomware protection & recovery guidelines for businesses
The impact
Infamous ransomware explained
WannaCry
The WannaCry strain shows how extensive a PC-based ransomware attack can be. In May 2017, WannaCry spread across the globe and ultimately attacked over 100 million users.
Petya
The Petya strain, which first appeared in 2016 and returned in a more advanced form in 2017, uses the screen locker approach by encrypting your hard drive’s master file table to lock up your computer.
Popcorn Time
Since an attacker’s ultimate goal is to spread the ransomware to as many machines as possible in order to make the most money, an alternative ransom tactic has emerged — a tactic that is both social and sinister.
Steps to keep ransomware out
Establish multi-layered security
Be wary of pop-up installation requests
Think twice before clicking links
Don’t download apps from unknown sources
To add an extra layer of security, go into your device’s settings and disable its ability to perform app installations from unknown sources. You should also be suspicious if an app asks for device administrator permission. Granting this permission enables the owner of the app to access your device remotely, which would have dangerous consequences.
Back up all important files
This way, if you do get hit with a ransomware attack, you’re ready to restore all your important files as soon as you remove the ransomware from your device.
Keep operating systems and apps updated
Educate employees about best practices
Multi-layered security is key
Hackers have more than one way of breaching a business network or device. The key to ultimate protection is having multiple layers of protection as a fail-safe.
FAQ
Is ransomware a virus?
Our research suggests that most ransomware spreads through Trojans, which means the ransomware program is hidden inside a file or link that seems both harmless and important enough for you to open or click. Wormable ransomware, like WannaCry, spreads automatically, while other strains, like Popcorn Time, spread via the user.
Viruses, worms, and Trojans can all be delivery methods for ransomware. Though the ransomware might be spread by a virus, it’s not a virus itself.
How does a ransomware attack work?
Unlike most malware, which requires you to download a malicious file or click on a malicious link, some ransomware can infiltrate your devices without any action on your part. Other ransomware attacks rely on traditional methods.
Regardless of where the ransomware comes from, here is the most common scenario when it comes to a ransomware infection:
- The ransomware encrypts your files, making them inaccessible without a specific decryption key.
- A ransom note appears on your screen demanding a ransom, typically in Bitcoin, to get the decryption key or have the hijacker decrypt your files. There will usually be instructions on how to pay the ransom as well as a deadline for when to pay in order to preserve your files. It’s important to note that paying the ransom does not always guarantee that all your files will be restored.
While your device is infected with ransomware, any attempts to open your encrypted files will most likely be met with an error message informing you that your files are corrupt, invalid, or cannot be located.
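The encrypted-file state described above can be checked for during triage. The following is an added example, not part of the original page: it flags files of known types whose header bytes are gone and whose content is near-random. The magic-byte table, the 7.5 bits-per-byte threshold, and the sample file names and contents are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter
from pathlib import Path

# Header bytes expected for a few common file types (not exhaustive).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per environment

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, lower for structured files."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name: str, head: bytes) -> bool:
    """True when a known file type has lost its header and reads as near-random."""
    # Walk suffixes right to left so "report.pdf.locked" is still judged as a PDF.
    magic = next((MAGIC[s.lower()] for s in reversed(Path(name).suffixes)
                  if s.lower() in MAGIC), None)
    if magic is None or head.startswith(magic):
        return False  # unknown type, or header intact
    return shannon_entropy(head) >= ENTROPY_THRESHOLD

def scan(root: str, sample_size: int = 4096) -> list[str]:
    """Return paths under root whose first bytes look encrypted."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            with path.open("rb") as fh:
                if looks_encrypted(path.name, fh.read(sample_size)):
                    hits.append(str(path))
    return sorted(hits)

# Constructed sample data: a SHA-256 counter stream stands in for ciphertext.
PSEUDO_CIPHERTEXT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SAMPLES = {
    "invoice.pdf": b"%PDF-1.7\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 100,
    "photo.jpg": PSEUDO_CIPHERTEXT,          # header gone, near-random
    "report.pdf.locked": PSEUDO_CIPHERTEXT,  # constructed appended extension
    "notes.txt": b"plain text, no known header to compare\n" * 50,
}

if __name__ == "__main__":
    print([n for n, d in SAMPLES.items() if looks_encrypted(n, d)])
```

Files shorter than a few hundred bytes cannot reach the threshold and are not flagged. Treat hits as candidates for review rather than proof of encryption.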
Should I pay the ransom?
We strongly recommend that you do NOT pay the ransom. And don’t attempt to negotiate with your attacker either. Giving in to their demands will only support future ransomware attacks.
Paying the ransom does not guarantee that your attacker will delete the ransomware, unlock your device, or give you the decryption tool for their strain. While they want a reputation for keeping their word so victims are more likely to pay up, some hijackers have collected ransoms and disappeared or sent useless decryption keys.
If you can’t recover your files following a ransomware attack, we urge you to hold out for a decryption tool for the strain that has infected your computer or mobile device. Sometimes, there’s a flaw in the cryptography the ransomware code uses, and the malware exposes lines of code which can lead to a fix.
Can ransomware be removed?
Depending on your device and the strain, you may be able to rid your computer, smartphone, or tablet of ransomware. The malware removal process is the relatively easy part, but recovering your encrypted files can be impossible, sometimes even after the ransom has been paid. Removing the ransomware from your device is far from a guarantee that you will succeed in negating its effects.
To help you deal with ransomware on any device, we’ve prepared these handy guides for you: