- There is no guarantee that victims can stop a ransomware attack and regain their data; however, there are methods that may work in some cases. For example, victims can stop and reboot their system in safe mode, install an antimalware program, scan the computer and restore the computer to a previous, noninfected state.
- Victims could also restore their system from backup files stored on a separate disk. If the backups are in the cloud, then victims could reformat their disk and restore from a previous backup.
- Windows users specifically could use System Restore, which is a function that rolls Windows devices and their system files back to a certain marked point in time -- in this case, before the computer was infected. For this to work, System Restore needs to be enabled beforehand so that it can mark a place in time for the computer to return to. Windows enables System Restore by default.
- For a general step-by-step process for identifying and removing the ransomware, follow these recommendations:
1. Create a system backup, and back up all important or integral files. If an organization cannot recover its files, it will be able to restore from a backup.
2. Ensure that system optimization or cleanup software does not remove the infection or other ransomware files that are still needed. The files must first be isolated and identified.
3. Quarantine the malware using antimalware software. Also, make sure the attackers did not create a backdoor that can allow them to access the same system at a later date.
4. Identify the ransomware type and exactly which encryption method was used. Decryptor and ransomware recovery tools can help determine the type of ransomware.
5. Once the ransomware is identified, ransomware recovery tools can be used to decrypt files. Because ransomware methods differ and keep evolving, there is no absolute guarantee that the tool will be able to help.
Ransomware recovery tools include products such as McAfee Ransomware Recover and Trend Micro Ransomware File Decryptor.
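
A read-only triage pass that supports steps 2 and 4 above, as an added example that is not from the original article: it counts the extensions of files whose contents look encrypted and lists possible ransom notes, so there is something concrete to hand to an identification tool before any cleanup runs. The entropy threshold, the note-name keywords and the `.locked` sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: encrypted data sits close to 8 bits/byte. Compressed formats
# (zip, jpg, docx) also score high, so treat hits as leads, not proof.
ENTROPY_THRESHOLD = 7.5
# Assumption: keywords and suffixes often seen in ransom-note file names.
NOTE_HINTS = ("readme", "decrypt", "recover", "restore")
NOTE_SUFFIXES = (".txt", ".html", ".hta")

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root, sample_size=65536):
    """Walk root without modifying anything and summarise what was found."""
    suspect_ext, notes = Counter(), []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        name = path.name.lower()
        if path.suffix.lower() in NOTE_SUFFIXES and any(h in name for h in NOTE_HINTS):
            notes.append(str(path.relative_to(root)))
            continue
        with path.open("rb") as fh:
            head = fh.read(sample_size)  # the first bytes are enough to score
        if shannon_entropy(head) >= ENTROPY_THRESHOLD:
            suspect_ext[path.suffix.lower()] += 1
    return {"suspect_extensions": dict(suspect_ext), "possible_notes": notes}

def build_sample(root):
    """Constructed sample tree; random bytes stand in for encrypted files."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "docs" / "report.docx.locked").write_bytes(os.urandom(8192))
    (root / "docs" / "budget.xlsx.locked").write_bytes(os.urandom(8192))
    (root / "docs" / "notes.txt").write_text("meeting at ten\n" * 50)
    (root / "HOW_TO_DECRYPT.txt").write_text("constructed placeholder note\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_sample(tmp)))
```

Run it against a copy or a read-only mount of the affected disk rather than the live system, and keep the output alongside the quarantined files.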