Tue, May 27, 2014

Ransomware Removal: 6 Tips to Get Your Data Back

It’s 4:00 PM on Friday. Your IT director has just called to tell you that there appears to be a problem with key data on your system. A user of the network opened an attachment, and now her machine and the shared drive she accesses and uses routinely are encrypted. Worse, there is a demand note displayed on her system.
Your data is being held for ransom.

What do you do?
  1. Act quickly
    • Many pieces of specialized malware known as ransomware have a time limit. Delay can cause the ransom cost to increase, allow a deeper infection, or cost you the option to pay for the encryption key.
  2. Quarantine
    • Disconnect the affected machine from the network
    • Do not move data or remove the malware... yet!
  3. Determine exposure
    • What storage devices were attached to the attacked machine?
    • What network drives were mapped to it?
    • What sensitive data is on the machine?
    • Remember that many versions of this attack also include a download of hidden, credential-stealing malware or spam-based malware.
  4. Verify your backups and preserve logs
    • Restore your data to a separate machine.
    • Verify the copy before removing data from the old machine.
    • Keep all logs for the affected system and network – make sure that they are not rolling over or left open to encryption.
    • If you can . . . wipe the old drive and rebuild.
  5. Call Kroll Cybersecurity for expert help (1-866-419-2052)
    • Kroll will have the affected machine checked for malware.
    • Kroll can install monitoring software to check to see if the attacker is really gone.
  6. Call the police/law enforcement
    • Kroll will help you provide a copy of the attacking malware.
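
For step 4, one way to verify a restored copy before the old machine is wiped, as an added example that is not Kroll's code. It assumes a sha256sum-style manifest was saved alongside the backup; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large restores do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines: '<hex digest>  <relative path>' (assumed format)."""
    pairs = (line.split(None, 1) for line in text.splitlines() if line.strip())
    return {rel.strip(): digest.lower() for digest, rel in pairs}

def verify_restore(restore_root, manifest_text):
    """Compare a restored tree with the manifest and report every discrepancy."""
    expected = parse_manifest(manifest_text)
    found = {}
    for dirpath, _dirs, files in os.walk(restore_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, restore_root).replace(os.sep, "/")
            found[rel] = sha256_file(full)
    return {
        "missing": sorted(expected.keys() - found.keys()),      # never restored
        "mismatched": sorted(r for r in expected.keys() & found.keys() if found[r] != expected[r]),
        "unexpected": sorted(found.keys() - expected.keys()),   # files the backup set never had
    }

def demo():
    """Constructed sample: one good file, one altered, one missing, one extra."""
    files = {"ledger.csv": b"q2,1000\n", "docs/report.txt": b"final\n", "payroll.csv": b"p\n"}
    manifest = "".join(f"{hashlib.sha256(d).hexdigest()}  {p}\n" for p, d in files.items())
    restored = {"ledger.csv": files["ledger.csv"],
                "docs/report.txt": b"\x8f\x02 scrambled bytes",
                "docs/HOW_TO_DECRYPT.txt": b"constructed placeholder note"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in restored.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        return verify_restore(root, manifest)

if __name__ == "__main__":
    print(demo())
```

Any entry under "mismatched" or "unexpected" suggests the backup itself captured encrypted or attacker-dropped files, so an older backup generation should be checked before the original drive is wiped.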

Kroll's Cyber Security Ransomware Webinar is available on demand.

 


