It is your average weekday morning, you walk into your office, open your laptop, and you suddenly find out that all your files have been encrypted.
You proceed on to figure out what has happened, and you see a text file or an email that tells you your data has been locked, and you will get it back only if you pay a ransom. If that is the case, you have been attacked by a computer malware called Ransomware.
It is highly dangerous, and it will lock down the files on any computer it enters. If your computer has been infected with, there is no need to panic. You need to do these things quickly to make sure all other computers do not get infected:
1. Analyze Your Situation
The initial thing you need to do is analyze how this ransomware attack has affected you. The source of the virus could be several things. You do not necessarily have to click on something to get these viruses these days.
In some cases, you will be able to recover the files by using a ransomware recovery tool, while in other cases, you will have to get your files from the backup data.
In some cases, if the data is too valuable, you may have to consider paying the ransom as well. But to control the damage, make sure that you tell everyone at the workplace that your computer has been infected so all of them can take precautionary measures.
2. Lockdown Your Computer
The close thing you need to do is make sure that your computer is not connected to the server, and you are taking all the files you shared offline. If you did not click on the virus, you could also see your shared history as it can help you identify the source of the malware. If a particular user has opened too many shared files, it is highly likely that they are the source.
3. Shut Down the Source
While it can be a difficult thing to do in an organization, you will need to shut down the source user of the virus. It could be anyone from a senior position to junior level.
The IT personnel must be given the required permission to access that user’s computer and should track all the infected users before shutting the source down. It is essential to identify the source because this could help you limit the damage. If you start worrying about restoring files immediately, there is a high chance other computers will start getting infected.
4. Identifying the Type
There are several different kinds of ransomware viruses. To determine yours, you will have to look for the text file that the attacker left on your PC. You can use the screenshot of that file to scout the internet as there are a lot of communities out there that deal with ransomware discussions. Once you have identified the ransomware-type from that file, you will be able to move to the final step of recovery.
5. Verifying Backup or Paying the Ransom
Now once you have figured out the type of Ransomware, you can try to decrypt files by using software, but if it does not work, you are left with two choices. You can recover the backup data, or you can pay the ransom. For that, you will have to see how long it will take for the computers to recover the backup data and how efficiently it will do it.
You might end up losing some files, and your company will have to work a little hard to recover that difference, but instead of paying the ransom, this is the right thing to do.