Experts advise users to set the computer on hibernate and disconnect it from the network. They also need to contact one directly company security. Some also recommend turning off the computer. However, hibernation is a better option as well stores copies from memory and this is important because some ransomware sometimes leaves copies of the encryption keys.
According to a survey, 30% of 1.180 respondents chose to restart their computer to deal with ransomware infection.
Rebooting was an effective method of removing older types of ransomware (screenlocker). Nevertheless, is not effective in dealing with modern ransomware that is encrypted archives.
“Generally, executable [ransomware] encrypts data after you get into the machine. But sometimes it stops and stops encryption, ”said Bill Siegel, CEO & Co-Founder of Coveware, a company that provides data recovery services after ransomware attack.
"If you restart the machine, it will restart and try to complete the encryption process. ”, Siegel said.
“A partially encrypted machine is partly encrypted due to some accidental error or problem. Victims must therefore benefit and have to DO NOT let malware get the job done ... Do not restart! ”.
Siegel said this advice applies to both of them corporate as for them household users.
In addition, he said that there are two stages to recover files after a ransomware attack.
The first stage is finding processes and mechanisms of ransomware and h subtraction them from the infected system.
The second step is restore encrypted data. This can be done easily if there are backups.
Siegel said that if the victims ignored the first step and restarted their computer, then all the files would be encrypted and would make the recovery process very difficult.
If the victim of the attack is any company, then the problem is even greater because you are wasting valuable time and money.
Ransomware attacks are one of the most common threats of our time, and all users must be alert to them.