First of all, what is Ransomware?
It is a virus that infects a computer. It scrambles the document files that are located on the computer and on any mapped drives it sees. That means it also corrupts files that are located on a server.
How do you get Ransomware?
Ransomware is delivered by any of the typical means. However, we have only experienced it where someone gets an email with an attachment and is tricked into opening it.
What does it do?
It encrypts all your files and then requires you to pay the attackers to decrypt them. It basically holds your files for ransom.
How to overcome it?
Backup, Backup, Backup
Make sure everything is backed up. Backup is key to overcoming this. There are some stories of companies that were able to decrypt documents using various methods, and other tales of paying the ransom to get files back, but in the end recovery from backup is probably the most cost-effective way, without putting your company into a potentially even more complex situation.
Think Before You Click
Do not click on email attachments unless you are sure who they came from. Even though they say they are from UPS or FedEx or some organization that sounds legitimate, be very wary of opening them. First of all, these organizations would never send an email like that, with an attachment. Secondly with a little more observation you will see there are
File Storage Wisdom
Thinking through where your files are stored can help you avoid several issues on top of a ransomware scenario. For example, it is a good idea to only have mapped drives to files you absolutely need to access and share. Limiting your access to areas where you shouldn’t be is a good means of protecting the business. Saving all data onto a medium such as a server or cloud that is regularly backed up is another smart preventative setup. What you don’t want is to have everything only on your C: drive with no backup whatsoever.
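One way to check this on a Windows computer, as an added example that is not part of the original article: the PowerShell script below lists the mapped network drives of the logged-in user and tests whether that user can create a file at the root of each one. The function name, probe file name and report columns are choices made for this example.

```powershell
# Added example: audit which mapped network drives the current user can write to.
# A drive that is mapped AND writable is one that ransomware running as this
# user could scramble, so each "Writable = True" row should be a drive the
# user genuinely needs.

function Test-WriteAccess {
    param([string]$Path)
    # Create and delete a uniquely named empty file. Failure means no write
    # access at this location (subfolders may still have different permissions).
    $probe = Join-Path $Path ("write-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
        Remove-Item -Path $probe -Force -ErrorAction Stop
        return $true
    } catch {
        return $false
    }
}

# DriveType 4 in Win32_LogicalDisk means "network drive".
$mapped = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DriveType = 4"

$report = foreach ($d in $mapped) {
    $root = "$($d.DeviceID)\"
    $reachable = Test-Path -Path $root
    [pscustomobject]@{
        Drive     = $d.DeviceID        # e.g. the drive letter
        Share     = $d.ProviderName    # UNC path of the share behind it
        Reachable = $reachable
        Writable  = if ($reachable) { Test-WriteAccess -Path $root } else { $false }
    }
}

$report | Format-Table -AutoSize

$exposed = @($report | Where-Object { $_.Writable })
Write-Output ("{0} of {1} mapped drives are writable by {2}" -f `
    $exposed.Count, @($report).Count, $env:USERNAME)
```

Run it as the ordinary user rather than as an administrator, since the result depends on that user's permissions.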
If you know, or can make the employees of your organization aware, to disconnect the computer from the Internet as soon as the infection has occurred, this will save a lot of headaches. Once the infection takes hold, it will scan through all the network drives and corrupt those files, which is what will be prevented if the network cable is disconnected. Most infected people usually say after the fact, “Yeah, I realized I messed up as soon as I clicked it.” If that is the case, they should know to just unplug the network cable or shut down their machine.
Running Scans Disconnected
A malware scanning application such as Malwarebytes can be installed and run on your computer to knock off the culprit. However, this is a bit tricky, since you need the Internet to install it and get an updated definition set, but you also should disconnect so further encryption doesn’t occur. Consulting a professional to deal with the infected box is probably the best practice. They will know how to connect in various ways to avoid the issue while still getting the malware scanning application updated.