How to Respond to a Ransomware Attack

After reading an article on FreightWaves about a ransomware attack on TFI’s Canadian courier divisions, here is helpful advice on what to do if you find yourself a victim of this type of cyberattack, reprinted from a column I write for a local newspaper. If you are on a company network, your first step is to alert your IT department who will follow company protocols for this situation.

What if you heard a voice demanding payment to release your suddenly locked down computer files? No, you wouldn’t be crazy, and this is exactly what happened to one of my technology column readers in the Standard Examiner, a newspaper in Utah.

“While on Facebook, I wanted to read about the vice-presidential debate. As soon as I clicked on the article and started to read a pop-up came up on my screen and a voice actually came over my speakers telling me I had been hacked and had five minutes to to pay $500.”

And he paid. However, on his daughter’s advice, he went immediately to his bank and stopped payment. He took the extra — and smart — precautions of closing his accounts and stopping all automatic payments and deposits. He then had his computer cleaned by a local expert service that said it saw 18 to 20 similar cases each week.

Ransomware can enter your computer in a number of ways. It is typically spread through phishing emails that contain malicious attachments, social media links and drive-by downloading. Drive-by downloading refers to a person who unknowingly visits an infected website where ransomware is downloaded and installed without his or her knowledge. It can also be transmitted through Web-based instant messaging applications. And if holding your computer hostage wasn’t bad enough, this malware may also infect your computer with other viruses such as keyloggers, which record your keystrokes and send them onto the criminals responsible for the malware.

What can you do? Unfortunately, some ransomware slips by ordinary security and once you’ve been locked out of your computer, there is little you can do — unless you are prepared. First of all, backup all of your important files and store them away from your computer. You can use the cloud like with Google Drive or Microsoft’s One Drive or copy them onto a USB drive. At the same time, download Malwarebytes to another USB drive to use in case of a malware emergency.

The criminals behind ransomware are counting on you to panic and pay — don't do it. You may see threats of an increasing ransom amount for each hour that passes and threats of permanently destroying your now-encrypted and inaccessible files. While you might hear a recorded threat, you also might see a chat window. These criminals are now using live chat to “help” you through the payment process to unlock your files.

Turn off your computer and walk away. Give yourself a little time to regain your composure. When you’re ready, you can turn your computer back on and start it in safe mode. Insert your drive, install Malwarebytes and run the program. This may remove the infection. (Note: If you do not know how to start your PC in safe mode, visit support.microsoft.com and search for the directions compatible with your operating system.)

If this fails, you have two options: Take your computer to a specialist (a pricy option) or restore your computer to its factory settings. You can get directions online for this process through Microsoft Support. Once you’re back up and running, use your USB drive to transfer your files back to your computer.

As always, follow standard security practices online at all times. Do not click on links or attachments in email, avoid links on social media and advertisements and visit only websites that you know and trust.
 

---