
When the bits hit the fan: What to do when ransomware strikes
2021-09-06 10:01

So let's say the worst happens - and you discover data ain't your data any more.

Thieves attacking your servers in search of credit card and other valuable data want to stay covert for as long as possible, but when they find they can't call home, they will go for the second bite and start encrypting your data.

Before you even think about connecting up to anything again, your machines need to be gone over with a fine-toothed comb. That goes beyond scanning machines for signatures: it means monitoring the network as they are brought back to detect anything that might be phoning home, and to sniff out unexpected data access patterns and spreading.
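As an added illustration of that monitoring step (not code from the original article), this Python sketch reviews flow records from hosts being brought back and flags regular-interval outbound connections and internal fan-out. The flow records, addresses, allowlist and thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal address range
ALLOWED = {"10.0.0.5"}                          # assumed backup/patch server

# Constructed flow records: (epoch seconds, source host, destination IP, port)
FLOWS = (
    # 10.0.1.20 contacts one external address roughly every 300 s
    [(t, "10.0.1.20", "203.0.113.7", 443) for t in (0, 300, 601, 899, 1200)]
    # 10.0.1.21 opens SMB sessions to six internal peers in quick succession
    + [(20 + i, "10.0.1.21", f"10.0.2.{i}", 445) for i in range(1, 7)]
    # 10.0.1.22 pulls from the backup server and browses irregularly
    + [(t, "10.0.1.22", "10.0.0.5", 443) for t in (5, 65, 125, 185)]
    + [(t, "10.0.1.22", "198.51.100.9", 443) for t in (10, 50, 900, 905)]
)

def review_restored_hosts(flows, allowed, min_hits=4, max_jitter=0.1, fanout=5):
    """Return (kind, host, detail) findings for restored hosts."""
    external = defaultdict(list)   # (src, dst, port) -> timestamps
    peers = defaultdict(set)       # (src, port) -> internal destinations
    for ts, src, dst, port in flows:
        if dst in allowed:
            continue
        if ipaddress.ip_address(dst) in INTERNAL:
            peers[(src, port)].add(dst)
        else:
            external[(src, dst, port)].append(ts)

    findings = []
    for (src, dst, port), times in sorted(external.items()):
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Regular spacing (low jitter relative to the mean gap) suggests a timer,
        # not a person: a candidate for something phoning home.
        if len(times) >= min_hits and pstdev(gaps) <= max_jitter * mean(gaps):
            findings.append(("beacon", src, f"{dst}:{port}"))
    for (src, port), dsts in sorted(peers.items()):
        # One host touching many internal peers on the same port suggests spreading.
        if len(dsts) >= fanout:
            findings.append(("fanout", src, f"{len(dsts)} peers on port {port}"))
    return findings

if __name__ == "__main__":
    for finding in review_restored_hosts(FLOWS, ALLOWED):
        print(finding)
```

A finding here is a reason to keep the host isolated and investigate, not proof of compromise; the thresholds need tuning against what the restored environment normally does.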

Paying the ransom is not yet illegal - although many strongly advise against it - and it will stick in your throat, but if you've reached that point, you need to make certain that your data can be retrieved.

Ransomware victim Colonial Pipeline, which is said to have paid criminals $5m in May this year for a decryptor, reportedly found that it ran so terribly slowly that the company might as well restore from backups and just take the hit of the data loss, despite having paid the ransom.

If you do pay the ransom and use a decryptor, you need to be ready for the fact that the data may have been mangled unintentionally - since encrypting live files is an inherently unreliable action and the criminal developers won't have been trying all that hard to manage its integrity.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/09/06/what_do_do_when_hit_by_ransomware/