Photo courtesy of usatoday.com
Becoming infected with ransomware can be an extremely scary situation. Your important files have become encrypted, and you can’t perform your daily functions because your computer is locked up with a ransom note. Your initial reaction is going to be to panic. While this may be easier said than done, don’t. Take a step back, breathe, and most importantly; do not pay the ransom.
While there are several reasons not to pay the ransom (which we will discuss further), the number one reason is that only 20% or 1 in 5 businesses that paid the ransom recovered full access to their files. Why? There are two explanations. The attacker either walked away with the money and never had any intentions of restoring access to the files to begin with, or the hacker was an amateur and didn’t have the technical ability to actually restore access.
By paying the ransom, you are fueling what drives the ransomware market. Think about it; would you keep selling your product if no one bought it? Probably not. When you pay the ransom, you give cybercriminals a reason to keep infecting users and come up with new strains for which cybersecurity researchers don’t have decryption keys.
That brings us to our next point. Cybersecurity experts have been working around the clock to figure out how to produce decryption keys for new strains of ransomware. While there will certainly never be a decryption key for every single strain of ransomware, it’s extremely important to check to see whether the decryption key is available for the type of ransomware you were infected with. At WatchPoint, we have a comprehensive list of “Free Ransomware Decryptors” as well as a “Ransomware Response Kit” that contains 21 pages of everything you need to know if you have been hit with ransomware.
Backups and Prevention are Key
While we can tell you all the reasons not to pay the ransom, the question remains: What SHOULD I do if I’m infected with ransomware? First and foremost, having a backup system in place is one of the most important things you as an individual or business should have. These backups should occur daily, if not more frequently. What backups enable you to do is completely wipe your computer clean and recover all of the files from when your latest backup occurred.
With that being said, newer strains of ransomware are going as far as encrypting or even deleting your backup files. Additionally, even when you have either paid the ransom (not recommended) or recovered your files from a backup, you can’t be sure whether or not the hackers are off your network. Often, a hacker will remain hidden deep in your network so they can run another cyberattack when you believe you are free from threat. One of the only ways to know hackers are off your network is through products we offer here at WatchPoint.
CryptoStopper by WatchPoint Cyber Security
As we mentioned before, having proper backups isn’t enough with some ransomware strains encrypting or even deleting backup files. We can prevent having to rely on such backups with CryptoStopper. CryptoStopper uses deception technology to detect ransomware. During the installation process, decoy files (we call these “Watcher Files”) are strategically deployed. When the ransomware begins the encryption process, CryptoStopper detects it in real-time and takes action. When CryptoStopper detects the ransomware, an administrative alert is sent to your security team with critical details about the attack. The infected workstation is automatically shut down to prevent further damage to your network. CryptoStopper is inescapable; ransomware can’t avoid tripping over the Watcher Files. Our security experts are continually researching the latest ransomware variants to ensure CryptoStopper remains unavoidable. CryptoStopper contains the ransomware in a matter of seconds, which significantly reduces the damage done and in turn, saves your company a large amount of money.
Click here to learn more about CryptoStopper and how WatchPoint can take care of all your cyber security needs.