Your System is Locked!

  • Published: Wednesday, Sept. 2, 2020

No one wants to see this dreaded message pop up on the computer. This message, or a variant of it, means that your system has fallen victim to ransomware. Your system is unusable and all of your files are encrypted. Now what?

The first thing you need to do is identify the infected system(s) and remove them from the network. This helps prevent the ransomware from spreading to other systems and encrypting further files. Disconnect the network cable or disable Wi-Fi rather than powering the machine off, so that volatile memory that may help later analysis is preserved.

If the ransom note (or the name of the note file, e.g. RYUK_README.txt) does not reveal the ransomware variant, look at the encrypted files. Most of the time the malware appends an extension to each file that names the ransomware family. For example, 1.jpg might become 1.jpg.ryuk.
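As an added illustration (not code from the original post), here is a small Python triage script that applies the identification step above to a directory tree: it looks for ransom-note filenames, tallies extensions appended after ordinary document extensions (1.jpg.ryuk), and also flags files whose content is high-entropy, which catches variants that encrypt in place without renaming. The note-name pattern, the set of known extensions and the 7.5 bits/byte entropy threshold are assumptions chosen for the example, and the sample tree it runs over is constructed inline.

```python
import math
import re
import tempfile
from collections import Counter
from pathlib import Path

# Ransom notes are usually dropped into many directories under names such as
# README.txt, RYUK_README.txt or HOW_TO_DECRYPT.txt (this pattern is an assumption).
NOTE_NAME_RE = re.compile(r"(readme|decrypt|restore|recover|how_to|ransom)", re.IGNORECASE)
NOTE_SUFFIXES = {".txt", ".html", ".hta"}

# Ordinary user-data extensions (assumed list). A suffix appended after one of
# these, e.g. the ".ryuk" in "1.jpg.ryuk", is treated as a candidate ransomware extension.
KNOWN_EXTENSIONS = {".jpg", ".jpeg", ".png", ".pdf", ".docx", ".xlsx", ".pptx",
                    ".txt", ".csv", ".zip", ".mp4", ".db"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Encrypted or compressed data sits close to 8.0,
    text and most office documents well below that."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def appended_extension(path: Path):
    """Return the suffix appended after a known extension, or None.
    'report.docx.ryuk' -> '.ryuk'; 'report.docx' -> None; 'report.docx.zip' -> None."""
    suffixes = [s.lower() for s in path.suffixes]
    if len(suffixes) >= 2 and suffixes[-2] in KNOWN_EXTENSIONS and suffixes[-1] not in KNOWN_EXTENSIONS:
        return suffixes[-1]
    return None


def triage_tree(root, entropy_threshold=7.5, sample_bytes=4096):
    """Walk a tree and collect the indicators used to identify the variant."""
    root = Path(root)
    ext_counts = Counter()
    notes, high_entropy = [], []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if NOTE_NAME_RE.search(path.name) and path.suffix.lower() in NOTE_SUFFIXES:
            notes.append(rel)          # candidate ransom note; read it for the family name
            continue
        ext = appended_extension(path)
        if ext:
            ext_counts[ext] += 1
        with path.open("rb") as fh:
            head = fh.read(sample_bytes)
        # Only the first few KB are sampled; tiny files are skipped to avoid noise.
        if len(head) >= 256 and shannon_entropy(head) >= entropy_threshold:
            high_entropy.append(rel)
    candidate = ext_counts.most_common(1)[0][0] if ext_counts else None
    return {
        "ransom_notes": sorted(notes),
        "appended_extensions": dict(ext_counts),
        "candidate_extension": candidate,   # what to search for / submit to ID Ransomware
        "high_entropy_files": sorted(high_entropy),
    }


# --- constructed sample data (not real malware output) -----------------------------
ENCRYPTED_SAMPLE = bytes(range(256)) * 16                 # perfectly uniform: entropy 8.0
PLAINTEXT_SAMPLE = b"quarterly numbers\n" * 200           # ordinary text: entropy ~3.7
RANSOM_NOTE = b"Your files are encrypted. Contact us to buy the decryptor.\n"


def build_sample_tree(base) -> Path:
    """Create a small tree: renamed encrypted files, one encrypted-in-place database,
    a ransom note and an untouched text file."""
    base = Path(base)
    files = {
        "docs/report.docx.ryuk": ENCRYPTED_SAMPLE,
        "pics/1.jpg.ryuk": ENCRYPTED_SAMPLE,
        "pics/2.jpg.ryuk": ENCRYPTED_SAMPLE,
        "db/customers.db": ENCRYPTED_SAMPLE,      # encrypted but name unchanged
        "docs/RYUK_README.txt": RANSOM_NOTE,
        "docs/notes.txt": PLAINTEXT_SAMPLE,
    }
    for rel, content in files.items():
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)
    return base


def run_demo():
    """Build the constructed tree in a temp directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        return triage_tree(build_sample_tree(tmp))


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

On the constructed tree the script reports `.ryuk` as the candidate extension, points at `docs/RYUK_README.txt` as the note to read, and still lists `db/customers.db` among the high-entropy files even though its name was never changed. Run it against a copy of the affected share, not the live system, and treat the output as a starting point for the search described next rather than a verdict.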

Search the Internet for more information on the variant; the ID Ransomware and No More Ransom! services listed under Resources below can identify the family from the ransom note or a sample encrypted file. There might be a public decryption key as we

Many removal tools are available to eradicate the ransomware from the device. However, reimaging the device is recommended, so that nothing is missed. Scan the device with anti-virus software and do not return any device to the network until you are sure that it is clean.

Restore the files from backup and run a scan afterwards. Make sure no remnants of the infection remain before going back online.

Understanding how ransomware proliferates is important. The most common vector is a phishing or spam campaign, but infections also come from malware delivered through untrusted sources and fake alerts. Use caution when downloading and installing software from third-party sites.

Don't click links or open attachments in suspicious or unsolicited emails. Use a reputable anti-virus and anti-spyware solution and enable automatic scans and updates.

Train all users on the dangers associated with email and general Internet use. Awareness is key to users helping prevent ransomware and other forms of malware from disrupting your network.

Most importantly, keep backups of all critical data, stored off site and offline, and test periodically that they can actually be restored. Many ransomware variants have no publicly available decryption key, so restoring from backup is the only way to get your files back. Paying the ransom is not recommended: there is no guarantee that the criminals will provide the key after payment.

Resources:

ID Ransomware
No More Ransom!
Decryption Tools