Some tips to prevent and mitigate ransomware infections

How prevent the infection?
  • Do as often as possible a backup of all the important data and hold it offline and away from the local network when not in use.
    Avoid backup solutions connected to the local network, like NAS: it would be infected and made unusable.
  • Keep your computer updated!
    Most ransomwares exploiting flaws of outdated versions of Flash, Java, browser or Windows. If possible disable or remove Adobe Flash.
  • Use an antivirus and maintain it updated. 
    Warning: the antivirus will block older ransomware but will not recognize new infections.
  • Using Linux or OSX instead of Windows reduces the risk. 
    However, recently are discovered some ransomware written for OSX or in Java.
  • Visit secure websites and be wary of suspicious email attachments.
    As usual, the biggest vulnerability is located between the chair and the keyboard.

Ok, I have been infected: what can I do?

The most important thing to do is to try to keep limited infection and rescue the backups.

  • Immediately turn off the computer on which appeared the warning.
    Do not waste time, pulling out the plug without lose time with shutdown procedure.
  • The infected machine is probably trying to infect other computers.
    So turn off all other computers on the same network.
  • If you store backups on a network storage, disconnect it immediately by unplugging the cord or turning off the Wi-Fi.

If you have a backup of your data, you can opt for the best solution: reinstall the affected computers and restore the data from this copy.

If you have not, the situation is a bit more complicated.

Can I recover the data?

  • Aware the diy: you risk losing forever all your data.
  • Do not use an antivirus after the attack occurred: it could delete the part of the virus that is used to restore the data if you pay the ransom.
  • Some ransomware have flaws that allow data recovery: calling a good specialist, that could know how to exploit them.

So, I should pay?

Unfortunately, in most cases, yes: if you do not have a copy of your data, you should pay the ransom and learn how to do backups.
Estimate how valuable are the data that has been encrypted and how much it would cost to recreate them, if possible.