Ransomware attacks and phishing emails are on the rise, which is why it is important to make sure your system is not vulnerable. If you think ransomware has infected your computer, follow these steps:
What to do if you notice ransomware
- Disconnect your machine from any others, and from any external drives. If you’re on a network, go offline. You can do this physically by removing the Ethernet cable from the back of your machine. If you’re wireless, there is sometimes a physical button on a laptop to turn on or off Wi-Fi capability. Otherwise, power down your router. You don’t want the ransomware to spread to other devices on your local network or to file-syncing services such as Dropbox. Do NOT turn off your PC if you can avoid it.
- Use a smartphone or a camera to take a photograph of the ransom note presented on your screen. If you can still take a screenshot, do so as well.
After this, you need professional help from an IT security firm. There are lots of these and will vary by area you live in. I’d recommend someone local who can physically come to the office to assess the situation. A good idea would be to scout out a quality company beforehand and have them on file. If you follow the preventative steps, this part will already be done.
What to do before you get ransomware
- Backup, backup, backup! Make sure you have a good disaster recovery solution in place for critical data. This will require the help of IT professionals to ensure best practices against attacks like ransomware. Be sure to test the recovery solution often to ensure backup integrity and to train yourself on how to use it when needed.
- Get a security audit done of your system(s) and network from an IT firm. This can help find commonly used vulnerabilities and patch them before they can be exploited.
- Train your staff to watch out for suspicious activity via downloads, email, or website usage. Most security firms offer this training as well.