What to do if you’ve been infected?
Do you think your PC or network may have been infected by WannaCry or another ransomware threat?
First and foremost, don’t panic. Being hit by ransomware is a frightening experience, but you can survive it.
Disconnect the locked PC from your network to prevent the ransomware from spreading, but don’t turn it off. You should probably do the same with any other devices on the network, in case they are already infected.
Next, find out what type of ransomware you’ve picked up. You might be able to discover this from the message on screen, or by searching for the exact message contents on Google. You can also upload a ransom note or encrypted file to ID Ransomware.
Once you know what’s hit you, you’re in a better position to find possible solutions. We strongly recommend immediately calling in the experts – either your work’s IT support team or a specialist information security firm.
If you’ve done regular backups as recommended, you should hopefully be able to get up and running reasonably quickly. If not, you may find some answers from sites such as MalwareTips.
Should I pay the ransom?
The short answer – and the answer given by every security firm (even the FBI) – is no. The theory is, if people don’t pay, ransomware will become unprofitable and the attackers will move on to something else.
That said, even if only a very small proportion of infected users end up paying, it still makes it worthwhile for the cybercriminals to continue their endeavours.
If you’ve got your personal files backed up online, you don’t need to pay. If, however, the ransomware has encrypted the only versions of your files that you have, you may feel that there’s no alternative but to give in to the criminals’ demands.
Are there decrypters available?
Although the files locked by ransomware can sometimes be decrypted using tools from the likes of Avast and Emsisoft, there is no guarantee that in future versions, the attackers won’t fix the flaw that allows this.
Just as software gets patched, so does ransomware, because the cybercriminals are always looking for ways to make their malware harder to defeat. One example of this is CryptXXX, which was recently updated to prevent a decryption tool from working. This reiterates the need to remain vigilant about opening emails, clicking links on the web and keeping your security software up to date.