Have you been hit with ransomware? Don’t let the criminals get the upper hand. Call us now. We’re standing by, ready to help.
There are many different strains of ransomware: some are merely a nuisance, while others are absolutely devastating. Because the variants behave in such diverse ways, and because they keep changing, it is imperative that you consult a knowledgeable professional when you need to recover from a ransomware attack.
Ransomware is not something you should try to resolve on your own. You may not be aware that many ransomware operators keep a foothold inside your network: a compromised host or remote-access tool that reports back to their command-and-control (C&C) infrastructure. If you do not find and remove that foothold first, attempts to recover on your own can easily make things worse, because the attackers can simply re-encrypt the systems you restore. Before you start, you must also identify which strain of ransomware you are dealing with; the ransom note, the extension appended to encrypted files and the contact addresses in the note are the clues used to do this.
With that in mind, here are the first steps you should take if you are ever hit with ransomware. First, shut off Internet access at the firewall, which cuts the attackers off from their foothold. Second, disconnect the network adapters and pause (suspend) all servers within the network. Third, hibernate all PCs in the network rather than powering them off; hibernation stops the encryption from spreading while preserving the machine's memory for later analysis. The more quickly you can take these three steps, the better your chances of limiting the damage.
The amount of time this will take depends on how far the damage has spread, how many computers are connected to the network, and how quickly a team can be assembled to work on recovery. We have seen it take as little time as four hours and as much as six weeks. The most typical total shutdown times are between eight and 12 hours, but every situation is different and a great deal of variation is possible.
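The identification step described above (collecting the appended extension, the ransom note and the contact addresses before any recovery is attempted) can be done with a read-only sweep of an affected share. The script below is an added example written for this page; it is not the vendor's tooling, and the note file-name patterns, the "common document extension" list and the sample share it builds are constructed assumptions for illustration. The indicators it reports are what you would look up in a strain-identification service or hand to a responder; it does not name the strain itself.

```python
"""Read-only triage of an encrypted share: gather the indicators used to
identify a ransomware strain (appended extension, ransom notes, contacts).
Added example for this page; not the vendor's code. The note-name patterns,
extension list and sample data are illustrative assumptions."""
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Hypothetical starting set of ransom-note file names; the real name is
# itself a strong identification clue, so extend this for your case.
NOTE_NAME_PATTERN = re.compile(
    r"(readme|how.?to.?(decrypt|restore|recover)|decrypt.?instructions|"
    r"restore.?my.?files|recover.?files)",
    re.IGNORECASE,
)

# Normal business document extensions (assumed list). An appended ransomware
# extension sits *after* one of these, e.g. report.xlsx.locked.
COMMON_DOC_EXT = {".docx", ".xlsx", ".pptx", ".pdf", ".jpg", ".png",
                  ".txt", ".csv", ".zip"}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def triage(root):
    """Walk `root` without modifying anything and summarise the indicators."""
    appended = Counter()
    notes = []
    total = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            total += 1
            path = Path(dirpath) / name
            if NOTE_NAME_PATTERN.search(name):
                # Keep a preview of the note text; the wording and the
                # contact addresses are what the analyst looks up.
                try:
                    text = path.read_text(errors="replace")[:2000]
                except OSError:
                    text = ""
                notes.append({"path": str(path), "preview": text})
                continue
            suffixes = path.suffixes
            # A known document extension followed by a foreign one is the
            # signature of an appended ransomware extension.
            if (len(suffixes) >= 2
                    and suffixes[-2].lower() in COMMON_DOC_EXT
                    and suffixes[-1].lower() not in COMMON_DOC_EXT):
                appended[suffixes[-1]] += 1
    top = appended.most_common(1)
    contacts = {m for n in notes for m in EMAIL_RE.findall(n["preview"])}
    return {
        "files_seen": total,
        "encrypted_files": sum(appended.values()),
        "appended_extension": top[0][0] if top else None,
        "extension_counts": dict(appended),
        "ransom_notes": notes,
        "contact_addresses": sorted(contacts),
    }


def build_sample():
    """Construct a small fake share (constructed data, not a real incident)."""
    root = tempfile.mkdtemp(prefix="share-")
    for sub in ("finance", "hr"):
        os.makedirs(os.path.join(root, sub))
    for rel in ("finance/q1.xlsx.locked", "finance/q2.xlsx.locked",
                "hr/staff.docx.locked", "hr/photo.jpg.locked"):
        Path(root, rel).write_bytes(os.urandom(64))   # "encrypted" content
    Path(root, "finance", "logo.png").write_bytes(b"\x89PNG untouched")
    note = ("YOUR FILES ARE ENCRYPTED.\n"
            "Write to recover@example.com with your ID to get the key.\n")
    Path(root, "HOW_TO_RESTORE_FILES.txt").write_text(note)
    Path(root, "hr", "HOW_TO_RESTORE_FILES.txt").write_text(note)
    return root


if __name__ == "__main__":
    result = triage(build_sample())
    print("files seen:", result["files_seen"])
    print("encrypted:", result["encrypted_files"],
          "appended extension:", result["appended_extension"])
    print("notes:", [n["path"] for n in result["ransom_notes"]])
    print("contacts:", result["contact_addresses"])
```

Run it against a mounted copy of the share (read-only mount, never the live system) and treat the counts as material for an analyst: a `.bak` after a `.zip`, or a developer's `readme.md`, will show up as false positives, which is why the script reports everything it saw rather than deciding for you.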
If a customer calls with a ransomware issue, we ask for the following information:
With those details on hand, we can construct an initial outline of the potential scope of the problem and identify an appropriate response. We do require a retainer, but as soon as it’s received we will begin the process of assembling a team at your facility.
In all the years we have been fighting ransomware, we have never once found out the identity of the perpetrator. There are some commonalities, though: it is usually foreign nationals operating as a business. The FBI has published information about the countries where these groups are often active, but we will probably never be able to answer this question.
With your consent, yes, we will report the incident to the FBI’s cybercrime unit.
If law enforcement catches cybercriminals, we don’t know about it. We are not privy to the FBI’s activities or successes. Business owners should not hold out hope that the recovery process will be aided or simplified by the FBI’s efforts.
This is a complicated question. First, yes, we can consider paying the ransom, but you should never do so on your own. You will need a third-party intermediary who can purchase bitcoin and contact the perpetrators via a secure channel. However, even if you do pay, you cannot be confident that they will give you a key that actually decrypts your data. And even if the key works, you do not know what your data will look like afterwards: the decryption tools the criminals supply are often slow and unreliable, and you may still be left with millions of files to decrypt host by host. This can be far more time-consuming and burdensome than restoring from backup. In addition, you must be sure the entire network has been scanned and the attackers' access removed, not just the encryptor itself; without that step you are likely to get hit again.
The ransom amount varies in every single case. It is largely a question of how much the criminals think they can get from you, and ransoms can range from a few thousand dollars to several million. To find out how much the criminals want, you have to respond to the ransom note from a secure email account that is in no way associated with you or your business.
Again, it depends entirely on the circumstances. If you have good backups that the criminals did not reach, and you follow a careful procedure, you are likely to recover in days. If your backups were encrypted or deleted, and/or a very large number of computers are involved, you can expect the recovery to take weeks.
Ransomware can be anything from a trojan on a single workstation to an infection of an entire environment that costs millions of dollars to recover from. It can be very serious, resulting in stolen data, long downtime, or the crippling of a business. Ransomware should not be taken lightly.
Ransomware attacks are like pests: if an exterior opening exists and there is motivation to get in, they can usually find a way. Sometimes they get in through email attachments or a browser download, sometimes through exposed remote-access connections. Attackers look for vulnerabilities in older technologies, unprotected devices, or user errors. For these reasons, it is important to patch and maintain any potential holes in your IT systems.
Ransomware comes in all shapes and sizes. At the smaller end, it is a trojan that may slow down a single device. At the extreme end, it spreads through an entire network, shutting down machines, stealing data, and encrypting data while demanding a ransom to decrypt it.