5 Steps to Take After a Ransomware Infection

Author: Continuum CIO Hunter Smith.
Author: Continuum CIO Hunter Smith.

As a managed IT services provider, it is vital that you do everything you can to prevent your clients’ machines from getting infected with any malicious software. Letting them know that they can take some simple precautions—like having adequate security software (antivirus and anti-malware) installed on their computer, applying OS security patches, not clicking on suspicious email links they don't recognize and not opening unexpected email attachments—can be game-changing for your role as their MSSP, security partner and advisor.

The five following tips will ensure you’re able to effectively communicate to your clients how to deal with ransomware and keep them as best protected as possible with your MSSP services.

What to Do If You Find Yourself Infected

Even if your clients believe they are already protected against ransomware attacks, malicious code can still end up on their computer. If the computer does become a victim of ransomware (such as Cryptolocker) there are some steps they can take to mitigate the damage—so make sure you share these tips with your clients!

1. Ignore the Ransom Demand

DO NOT even think about paying the ransom. The demand does not come from any legitimate authority and there is no guarantee that if you pay the money you will ever get your files unlocked. If you pay, you are just passing your money into the hands of criminal gangs and encouraging them to continue with their illegal activities.

2. Remove the Ransomware from Your Computer

Although ransomware may appear particularly threatening, it is just another form of malware. There are many companies online that offer low-cost phishing and ransomware tools, or malware removal tools, including Microsoft and Bitdefender. Both of these sites offer detailed instructions on how to eliminate the ransomware from your computer. It is wise to remove the ransomware as soon as possible. The longer that you leave it on your system, the more opportunity you are providing for the malware to spread, both encrypting your files further and potentially spreading to other computers connected to the network.

3. Update Your Antivirus, Anti-Malware Software and Patch Your OS

If your current antivirus protection lets the ransomware get on to your computer, then there is likely a problem with it. It may be corrupted, or perhaps it is not being updated regularly with the latest antivirus definitions. If you are going to properly protect your computer system in the future, it is vital that you have a working and advanced antivirus program installed. If your software isn’t up-to-date, either update it immediately or uninstall it and replace it with a new one that will offer you adequate protection from ransomware and other cyber threats. Once you have the new antivirus software installed, it is always a good idea to run a full scan of your system to make sure there are no further problems that need to be dealt with on your computer.

4. Update Your Passwords

Once you regain access to your computer, it is a sensible precaution to change all of the passwords that you use to access websites and other accounts. If your antivirus protection has been breached, you have no idea what information may have been gathered from your system. The safest approach is to change all of your passwords and access codes and then monitor your accounts for any indications of suspicious activities.

5. Always Back up Your Files

If your systems become infected with ransomware, it's likely that you are going to suffer some damage, corruption or loss to your computer files. The best preventative measure you can take is to regularly back up your files on an external system (either other hard drive or in the cloud—or both), so that if your computer is taken hostage, you have your files in another location. However, if you do find yourself infected, removing the malware quickly and following these simple steps can minimize the damage and reduce the risk of further infection as much as possible.

How to Avoid Ransomware in the Future

To address your clients' top cyber concerns, you need to be able to define exactly what you’re protecting them against. Luckily, Continuum's Profile & Protect product can help you ensure complete protection from today’s increasingly advanced threats by allowing you to creating advanced profiles and identify gaps in coverage on a per-site basis.

When you “profile” certain attack vectors using common attacks types like ransomware, you’ll be able to clearly communicate to clients exactly what it takes to protect against their biggest risks and which technologies are required to remain as secure as possible. The profiles you create should align with specific customer needs and tell you where exactly security gaps lie. That way, you can address those gaps and predict and manage risk on an ongoing basis with your MSP cybersecurity and threat management services.

Bonus – Watch This: Continuum Security is the advanced cyber security solution you need to deliver the protections your clients demand. Tune in on July 25, 2018 at 11:00 am EST as marketing experts present Redefining Cyber Security: Win SMB Clients with The Right Message. Learn how to effectively position your offering to SMB clients. Register here!

Hunter Smith is CIO of Continuum, which offers managed security services to MSPs. Read more Continuum guest blogs here.