It’s an increasingly common scenario. You turn on your PC and are suddenly greeted by a message claiming your computer is locked. The message will appear to come from legitimate organisations like the Australian Federal Police (AFP), and almost always demands a fine. As persuasive as these messages may seem, don’t reach for your wallet. These messages are actually part of a screen-locking ransomware hoax.
Screen-locking ransomware differs from file-encrypting ransomware like Cryptolocker that specifically targets victims’ data. Instead, screen-lockers hold your entire operating system (OS) hostage and may also encrypt your files. This means that when you boot up your computer, you won’t even be able to access your login screen, apps, and data.
Never pay the ransom
No matter how desperate your situation may seem, cybercriminals should never be trusted. Even if you do pay the ransom, it will only encourage hackers to attack your business again in the future. What’s more, there’s no guarantee hackers will return your files to you in one piece.
In fact, cosmetics company Heat Group recently suffered a ransomware attack that put their business in jeopardy. While paying the ransom was a tempting option at first, the company realised that hackers had already deleted some information anyway. Ultimately, it took a week for the Heat Group to recover from the incident, costing them over $2 million.
That’s why if you’re infected with screen-locking ransomware, you should focus on restoring your systems with your IT team.
Contain the breach
The first thing you should do is isolate the infection to prevent further damage to your systems. Ransomware is designed to spread to other devices on your network, so disconnect your infected PC from the internet. Make sure to unplug external hard drives and USB drives to spare your files from ransomware infection. It’s also a good idea to take a picture of the ransom note for documentation and reporting purposes when you talk to support engineers and authorities.
Identify and remove the infection
Screen-lockers are not as sophisticated as file-encrypting ransomware, and in most cases, they can be removed. Before you do this, you need to identify the specific type of screen-locking ransomware.
Go to a clean device and use tools like No More Ransom and ID Ransomware. Then type in the ransom note so the tools can identify the ransomware and recommend a suitable decryption tool. Keep in mind that a decryptor doesn’t exist for every known strain of ransomware.
If you’re confident that your files can be decrypted, restart your computer in safe mode. For Windows users, press Ctrl + F8 during the boot process and select safe mode. With Mac computers, simply hold the Shift key as the system loads. Safe mode runs only essential system programs and processes. From there, you’ll be able to use your anti-malware program to scan for and remove the ransomware. Once you get rid of the malware, connect to your network and use the suggested decryptor tool to unlock any compromised files.
Windows and Mac also have recovery options that let you restore your system to a state that wasn’t infected by ransomware. This may not always be effective, however, because the ransomware can be embedded in different areas of your system.
The surest way to beat ransomware is to completely wipe your infected computer and reinstall everything. If you have backup solutions, load the versions that were made prior to the date of the initial ransomware infection. Reformatting your PC this way will ensure that there are no traces of ransomware in your system.
Prevent screen-locking attacks
Ransomware attacks are unlikely to go away any time soon, so you need to prepare for future attacks. Here’s how you can prevent screen-locking ransomware:
- Implement multi-layered security – Screen-locking ransomware can invade computers through system vulnerabilities and weak networks. To protect your business, you need advanced threat detection, firewalls, network monitoring, and anti-malware programs.
- Patch your software – Installing the latest security updates and bug fixes reduces your exposure to the newest ransomware threats.
- Exercise good security habits – You and your staff must be careful of every link, email attachment, or pop-up ad. Cybercriminals often use phishing emails and fraudulent web pages to spread ransomware to unwitting users. Security training and simulated phishing attacks are great ways to prepare your employees for real-world attacks.
- Back up your data – Ideally, you should have multiple sets of backups stored locally, on an external hard drive, and in the cloud. This way, if one set of backups fails, you can still recover your data. Cloud backups are particularly vital because they instantly save up-to-date versions of your files in secure off-site data centres. The cloud also allows you to access your backups from any internet-connected device.
- Assess your backups – It’s important to test and update your backups frequently to ensure they work in case ransomware hits your business. Consider running backup and recovery tests at least every quarter or when there are major changes to your computer.
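As an added example (not part of the original article), the Python sketch below covers two of the steps above: picking the newest backup set made before the infection date, and running a restore test that compares the restored files with SHA-256 hashes recorded when the backup was made. The function names, backup labels and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from datetime import datetime
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large backup files do not exhaust memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's relative path to its SHA-256; run this when the backup is made."""
    return {p.relative_to(root).as_posix(): sha256_of(p) for p in root.rglob("*") if p.is_file()}


def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare a test restore against the manifest recorded at backup time."""
    current = build_manifest(restored)
    return {"missing": sorted(set(manifest) - set(current)),
            "changed": sorted(k for k in set(manifest) & set(current)
                              if manifest[k] != current[k]),
            "unexpected": sorted(set(current) - set(manifest))}


def last_clean_backup(backups: dict, infected_at: datetime):
    """Name of the newest backup set taken before the infection time, or None."""
    clean = [(taken, name) for name, taken in backups.items() if taken < infected_at]
    return max(clean)[1] if clean else None


def demo():
    """Constructed sample data: three backup sets and one damaged test restore."""
    backups = {"mon": datetime(2024, 3, 4), "wed": datetime(2024, 3, 6), "fri": datetime(2024, 3, 8)}
    chosen = last_clean_backup(backups, infected_at=datetime(2024, 3, 7, 9, 30))
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restore")
        src.mkdir()
        dst.mkdir()
        for name, text in {"ledger.csv": "1,100\n", "notes.txt": "plan\n",
                           "staff.txt": "roster\n"}.items():
            (src / name).write_text(text)
        manifest = build_manifest(src)
        (dst / "ledger.csv").write_text("1,100\n")  # restored intact
        (dst / "notes.txt").write_text("")          # truncated copy; staff.txt is absent
        return chosen, verify_restore(manifest, dst)
```

Keep the manifest somewhere the backed-up machine cannot modify, so a restore test still has a trustworthy reference if that machine is later infected.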
Getting locked out of your computer due to a ransomware attack is one of the scariest experiences you can have. If you don’t understand how the ransomware works, you stand to lose your entire business. Empower IT can prevent this by offering all the security tools and services you need. We’re one of the few managed IT services providers in Australia who can help you recover from and prevent ransomware attacks. Call us now!