Ransomware Recovery

          • Stop the infection and further damage: cut off remote access, stop file sharing (assuming a PC is infected and is impacting server data), kill rogue processes, run multiple anti-malware scans
          • Prepare a plan of action, including risk management and communications. Don’t just start “trying to fix it”

A typical plan might include:

          • Checking the recency, coverage and integrity of backups, so you know what your worst-case restoration point is
          • An internal & possibly external communications plan – who to tell what, and when
          • Identifying the source(s) of infection, ensuring it is stopped and ensuring recurrence through the same attack vectors is impossible
          • Searching for free decryption tools
          • Contacting the hacker
          • Getting your backup ready, just in case – particularly if off-site
          • Preparing a sandboxed environment to run the decryption tool (if your backup didn’t work or wasn’t recent enough)
          • Conducting a post-incident review (call us for more information)
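One way to carry out the backup check in the plan above, as an added example that is not part of the original page. It assumes each backup set is a directory holding a `manifest.json` (a hypothetical layout, shown in the docstring) that was written at backup time and stored where the infected machines could not modify it; `first_encryption` is your own estimate of when files started being encrypted.

```python
import hashlib
import json
from datetime import datetime
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def check_backup(backup_dir, required):
    """Verify one backup set against its manifest.json. Assumed layout:
    {"taken": ISO-8601 timestamp, "files": {relative_path: sha256_hex}}"""
    root = Path(backup_dir)
    manifest = json.loads((root / "manifest.json").read_text())
    files = manifest["files"]
    missing = sorted(p for p in required if p not in files)        # coverage
    corrupt = sorted(p for p, digest in files.items()              # integrity
                     if not (root / p).is_file() or sha256_file(root / p) != digest)
    return {"dir": str(root), "taken": datetime.fromisoformat(manifest["taken"]),
            "missing": missing, "corrupt": corrupt,
            "usable": not missing and not corrupt}

def worst_case_restore_point(backup_dirs, required, now, first_encryption=None):
    """Return (taken, data_loss_window, reports) for the newest usable backup.
    A matching hash only proves the copy equals what was backed up, so sets
    taken at or after first_encryption are excluded (recency)."""
    reports = [check_backup(d, required) for d in backup_dirs]
    usable = [r for r in reports if r["usable"]
              and (first_encryption is None or r["taken"] < first_encryption)]
    if not usable:
        return None, None, reports
    best = max(usable, key=lambda r: r["taken"])
    return best["taken"], now - best["taken"], reports

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:        # constructed sample backup set
        (Path(tmp) / "ledger.db").write_bytes(b"constructed sample data")
        manifest = {"taken": "2024-04-29T02:00:00+00:00",
                    "files": {"ledger.db": sha256_file(Path(tmp) / "ledger.db")}}
        (Path(tmp) / "manifest.json").write_text(json.dumps(manifest))
        # contracts.docx is required but was never backed up, so it is reported missing
        print(check_backup(tmp, ["ledger.db", "contracts.docx"]))
```

The per-set reports show why a newer backup was rejected (missing files, hash mismatches, or taken after encryption began), which feeds directly into the communications plan and the post-incident review.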

Ransomware Vaccine:

          • Anti-malware: workstations with proactive threat assessment capability
          • Centralised web filtering
          • Centralised email filtering
          • Lock down workstations – Standard Operating Environment
          • Separate guest networks
          • Implementing strong passwords & secure remote access

Ransomware Recover Encrypted Files

Most of the time, you can only recover by:

  • Restoring from backup
  • Paying the ransom
  • Getting lucky and finding a free decryption tool