Malware is the scourge of the personal computer age and ransomware is public enemy number one. If you’ve ever opened a ransomware email, don’t despair because you’re not alone. The recent AGL cryptolocker scam caught out more than 10,000 people who left their machines exposed.
Businesses are usually targeted the most because of the sheer number of emails and attachments they open each day. Attackers know that many people at work don’t have the time to verify whether an email is safe, compared to when they’re out of the office. Plus, businesses are more likely to pay a ransom.
Respond: How to stop a ransomware infection
Pull the plug, literally. After ransomware begins infecting your machine, its first priority is to spread itself. Our systems engineer Brian recommends your first steps should be to stop the infection in its tracks. If you suspect your machine has been infected, follow these steps:
- Turn off any Wi-Fi connections. If you have a physical Wi-Fi button or switch on your notebook PC, turn it off before shutting down.
- Turn off the computer. You may have to force a shutdown by pressing and holding the power button.
- Remove your network cable. If you have a desktop, or notebook, that is connected via Ethernet, unplug the cable. This reduces the risk of infecting other machines on your network when the computer is next turned on.
- Call the Service Desk immediately on 1300 791 678. We can help you with the steps above and tell you what to do next.
Remember, speed is the key to minimising the damage from a ransomware attack. If you have any reason to believe your computer has been infected, act as fast as possible.
Recover: Don’t give ransomware a second chance
"Whenever we come across a virus which has the ability to cause widespread damage and downtime for the entire company, we take the safest route possible," says Sentrian's chief cryptolocker warrior, System Engineer Brian Hunter.
Cleaning up a ransomware infection can be messy. Simple malware or virus infections can often be cleaned up with effective anti-malware software. But more complex attacks may require more time to clean up. We recognise that getting the machine back online is your priority.
Malware can arrive in many forms with many levels of destruction. Occasionally anti-malware software is effective at removing it from your infected machines. However, ransomware is different. Its power to disrupt should not be underestimated, and that's why our preferred method of curing infected machines is restoring from a backup.
If your business does not have an established and effective backup routine, you’re playing with fire. Simply moving files over to an always-connected external drive at the end of the day is not an effective backup. If you don't have a backup, it's more than likely the data encrypted by the ransomware is lost forever.
We have found from experience with the recent spate of infections that effective backup software does more than get your machines back online as fast as possible. It also ensures no remnants of the infections carry over into your secure backups.
React: Change your behaviour
One of the best ways to stay safe online is to lower your risk by changing the way you work with email. This can mean protecting your email account in more active and thoughtful ways. Here are a few tips:
- Don’t publish your email on webpages, blogs or any other visible page on the internet. If you’re managing an inbox that requires this, be extra vigilant opening emails – particularly ones with attachments.
- Don’t open or respond to unsolicited emails. These will be emails from general services you may recognise; Australia Post, utility services and fake fines (police & councils) are just a few examples.
Even with effective anti-malware, firewall and backup software (and you should have them), the occasional malicious email will slip through. Awareness and education, by reading articles like this, are the vital last line of defence. Remember, don't assume you can verify the legitimacy of an email by opening an attachment.