What if my system has been infected with ransomware?
Ransomware is one of the newer challenges for IT professionals. You may have come across news about ransomware infecting individual users and even whole industries and, in some cases, the victims were forced to pay the ransom to release their data. Normally you can take preventive measures, such as updating your devices and enabling security features, to protect yourself against ransomware, but what if your system has already been infected? The objective of this article is to guide you through the best steps to take when your system has been infected.
When your system has been infected, in most cases it means that you did not have an anti-malware product, or that you had one but it was not up to date or not working well. There are some cases where the system itself was not up to date and the infection came through a vulnerability, or through a zero-day, which is a more complex scenario, but in most cases the cause is not having basic security protection in place. For this reason, first download the Microsoft Safety Scanner on the infected system and run a full system scan with it. Sometimes the scanner might be blocked by the malware; in that case, try booting into Safe Mode and then running the scanner (Start your PC in safe mode in Windows 10). It is important to run a Full scan and, once it has completed, take a note of the names of the malware it found. If you close the Safety Scanner, you don't have to worry, because the log file is placed in %SYSTEMROOT%\debug\msert.log. Normally, if there is ransomware, the name of the malware will start with Ransom, and you can search the internet for that name to learn more about the ransomware and whether there is any way to protect or recover your data. In addition, ransomware will change the extensions of your files and folders, and you can search for the new extension online to see what solutions exist. If it is a well-known ransomware, you will find a tool to recover your files. Make sure you only use and visit trusted websites (like the ones from well-known anti-malware products).
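If the scanner window has already been closed, the detection names can be pulled back out of the log. The PowerShell below is an added example, not part of the original article or a Microsoft tool: it assumes only the log path given above and Microsoft's Type:Platform/Family naming scheme, the helper name Get-ScannerThreatName is hypothetical, and the fallback sample lines are constructed.

```powershell
# Threat names follow Microsoft's Type:Platform/Family[.Variant][!Suffix] scheme.
$NamePattern = '\b(?<Type>[A-Za-z]+):(?<Platform>[A-Za-z0-9_]+)/(?<Family>[A-Za-z0-9_-]+)(?:[.!][A-Za-z0-9_.!-]+)?'

function Get-ScannerThreatName {   # hypothetical helper name
    param([Parameter(Mandatory)][AllowEmptyCollection()][AllowEmptyString()][string[]]$Line)
    for ($i = 0; $i -lt $Line.Count; $i++) {
        foreach ($m in [regex]::Matches($Line[$i], $NamePattern)) {
            [pscustomobject]@{
                Name       = $m.Value.TrimEnd([char[]]'.!')   # drop sentence punctuation
                Type       = $m.Groups['Type'].Value
                Family     = $m.Groups['Family'].Value
                LineNumber = $i + 1
            }
        }
    }
}

# Log location as given in the article: %SYSTEMROOT%\debug\msert.log
$logPath = if ($env:SystemRoot) { Join-Path $env:SystemRoot 'debug\msert.log' }
if ($logPath -and (Test-Path -LiteralPath $logPath)) {
    $lines = @(Get-Content -LiteralPath $logPath)
} else {
    # Constructed sample lines with made-up threat names, used only when no log
    # exists. They are not a copy of the real msert.log layout.
    $lines = @(
        'Threat detected: Ransom:Win32/ExampleFamily.A',
        'Threat detected: Trojan:Win32/ExampleDropper!ml',
        'Found Ransom:Win32/ExampleFamily.A.'
    )
}

# One row per distinct name; names whose type is "Ransom" are listed first.
Get-ScannerThreatName -Line $lines |
    Group-Object -Property Name |
    ForEach-Object {
        [pscustomobject]@{
            Name         = $_.Name
            Family       = $_.Group[0].Family
            IsRansomware = $_.Group[0].Type -eq 'Ransom'
            FirstLine    = ($_.Group.LineNumber | Measure-Object -Minimum).Minimum
            Mentions     = $_.Count
        }
    } |
    Sort-Object -Property @{ Expression = 'IsRansomware'; Descending = $true }, Name |
    Format-Table -AutoSize
```

The Family column is the term to search for on trusted vendor sites when looking for information about the ransomware or a recovery tool.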
In the worst case, you might not be able to recover your files. You should NEVER pay the attackers; instead, look for advanced recovery tools, which in some cases can recover part of your missing files. If you have a regular backup policy, you can restore from your backup. If you observe malware that is not being detected by Microsoft anti-malware products, make sure you report it. Take a look at Submit files for analysis by Microsoft.