These days, I don’t think you can have too many articles about what to do when you’re hit with ransomware, especially articles written by someone as knowledgeable as Paul Ducklin.
He includes sections on:
- Shortcuts to recovery
- Longcuts to recovery
- Cracking the encryption
And those cover most of the recovery options, which is what most people will probably want to know. Unfortunately, those options aren’t always there, hence the downbeat tone of the ‘What to do’ section:
> What we are saying is that if you really need your files back, and you haven’t taken any precautions such as backing up, then you don’t really have any choice but to pay.
>
> We’d rather you didn’t pay up, but if you do, we understand and respect your choice. (It’s easy to be high and mighty when it’s not your data on the line!)
I’m afraid I’m totally in agreement with that. However, he does follow up with a list of ‘useful ransomware precautions’, and we can never make too many of those recommendations either. This is certainly a case where prevention is a much better option than cure. In brief, his recommendations include, if I can summarize:
- Good backup strategy
- Disable macros
- Consider viewer apps
- Distrust attachments
- Don’t routinely run with admin privileges
- ‘Patch early, patch often’