Tech Tips

September 10, 2019

Ransomware Attack! What to Do in the First 10 Minutes

We hope you never have to deal with ransomware. However, it pays to know what to do if it strikes. If that, "Your files have been encrypted" screen pops up, don't panic! You can disrupt the attack before it gets worse.

Even with good cybersecurity running in your network, a ransomware attack can still happen. If it does, you'll instantly go from "confused stare at the screen" to "PANIC!"

Take a breath. Ransomware is bad...but you can take action against it. Do these 3 things when ransomware hits, and you can reduce the damage.

1. IMMEDIATELY isolate the computer from the rest of the network.

Ransomware likes to spread from one computer to another. If it appears on your computer, you may be able to contain it there by acting fast.

  • First, disconnect the computer from the Internet. That includes disconnecting any network cables, and shutting off Wi-Fi.
    • On most computers there's a Wi-Fi Shutoff keyboard shortcut. It's marked with a symbol like this:  Wireless Access Point - Off Icon
    • If you don't see a shortcut key, click the Network icon in the taskbar (Windows) or the top toolbar (Mac). Locate the Wi-Fi network name, and click "Disconnect."
    • If your screen's locked and you can't do any of this, skip directly to #3 below.
  • Disconnect any external drives.
  • Disconnect your webcam (if it's separate) or cover it (if it's built-in). Some ransomware will record you.

2. Do NOT turn the computer off.

Resist the urge to pull the plug! It's not always the best idea. Shutting down could remove files you may need, or hurt the computer's hardware. IT will need to examine the computer as-is anyway.

3. Notify your IT Department.

Call up your IT Department and tell them the situation. What you see on the screen, and what you've done in response. From there, it's up to them.

Your IT Department will try to clean the ransomware off first. If that doesn't work, they can restore from backup. You may lose some files in the process. Frustrating, but it could be much worse.

In medicine, there's the concept of "triage." Treating the most dangerous/life-threatening injury first, even if it means leaving a less-serious injury alone for a moment.

These three actions, if taken on first suspicion of a ransomware attack, work as triage for your company's network. At worst, you lose one computer, but you save everyone else's. As well as the company's critical data. That's good cybersecurity practice...or as we say, "good Cyber Fu."

 

UPDATED OCTOBER 2021

 

Do you have a cybersecurity question you want answered? Send it in to woof@planetmagpie.com and it may show up in our next "Cyber Fu Tip."

Related Articles
August 14, 2019
How to Foil the "Gift Card" Email Scam
August 14, 2019
Beware These 6 Signs of Impending IT Disaster!
April 07, 2015
3 Ways to Protect Against Ransomware (and Why Everyone Needs To)