Ransomware Recovery

What will you do if you are affected?


Ransomware is one of the most common forms of cybercrime and one of the cyber threats most likely to affect common people working in business today. These threats may be an email that looks like it’s from your boss, or website looking like it’s advertising free appetizers at a local restaurant. Now, threat actors are using fear of COVID-19 to their advantage, and hoping we will click on items we would normally flag as suspicious. That could include anything from fake emails about government assistance to ads for scarce products.

No matter how prepared you are, cyber threats like ransomware are always a risk.

What Should You Do If You Are Victim To Ransomware?

  1. Isolate (disconnect and stop using) the device to prevent further infection within your network. If you are using a cloud service, contact them for further assistance.
  2. Do your best to identify the type of ransomware that you are dealing with to find out how to remove the ransomware. While some decryption tools can be found online, this may not be possible for all types of ransomware. If there is no such tool available for your needs, you will need to reset the device back to its factory settings and erase all the data it contains. This is where backups come in handy.
  3. Once you are free of the ransomware, remember preventative tips like update and patch your system and anti-virus, anti-malware, and firewall software. Change your passwords for any accounts that you accessed on the previously infected device, as the threat actors responsible for the ransomware likely have copies of your account information.
  4. Contact your local law enforcement agency and the Canadian Anti-Fraud Centre. Working with these agencies promotes awareness and monitoring of subsequent ransomware infections, especially if this is the first time a specific ransomware is used.