Got a call a couple weeks ago from a local church:
“we came in and open the computer and we have ransomware on there. We can’t even get to any of our stuff. It’s telling us to email somebody and so that they can free up the computer.”
How does this happen?
Generally these things happen because people click on things they shouldn’t. Whether in an attachment in email from someone they don’t recognize, a link in social media that sounds too good to pass up, or an advertisement for something they can’t live without. Once the user gives permission for something to open or run on their computer the game is over and the hacker wins.
What to do when it happen?
- Stop using the computer.
- Leave the computer alone! Do not carry out any further commands, including commands to Save data.
- Do not close any of the computer’s windows or programs. Leave the computer alone.
- Leave everything plugged in and do not turn off the computer or peripheral devices.
- If possible, physically disconnect the computer from networks to which it is attached.
- Call us immediately. Write down any unusual behavior of the computer (screen messages, unexpected disk access, unusual responses to commands) and the time when they were first noticed.
- Write down any changes in hardware, software, or usage that preceded the malfunction.
- Do not attempt to remove a suspected virus! Let the professionals do the dirty work.
How to prevent this from happening?
Layers of protection is the simple answer. A good antivirus installed to stop the bad programs from running, DNS filtering to keep users off of bad sites / advertisements, a good backup of all data to recover when this does happen, and most important of all EDUCATION – teaching users what safe internet usage looks like and having policies in effect to train them can mitigate 60-70% of infections.
If your company is would like to discuss the layers of security you have in place, then contact us for assistance.