Your computer will not just “get infected” with ransomware, the malicious software that encrypts your files and demands a specified amount of money to unlock them.  You have to click on something or open something (perhaps unintentionally) to activate the trigger.  Last year, CryptoLocker ransomware got a lot of attention, and we’re now dealing with CryptoWall, which is a variant of CryptoLocker.

If your computer becomes infected with ransomware, it can cost you both money and time to get your files back.  Here are 5 steps you can take to protect your business from ransomware:

  • Don’t open or preview email from people you don’t know. 
  • Even if you do know them but the subject line looks suspicious, check to make sure the email address is legitimate.
    • For example, Kathy Smith’s email is likely to be ksmith@companyname or Kathy.smith@companyname, not slatmo.bruknik@randomcompany.si.
    • If the email address doesn’t match, the person’s email has been spoofed and the bad guys are sending potentially damaging emails to his or her contact list.
  • Don’t open files you were not expecting. 
    • For example, the body of an email (from someone you know) might read, “Hey, I thought you’d be interested in this.”
    • There might be a file attached that’s called “Interesting”.  Don’t open it.
    • If it might be something you are expecting, create a NEW email (do not reply or forward) to that person asking about the authenticity of the email.
  • Even if you were expecting a file, don’t open cryptically-named files unless they are specifically introduced.
    • For example, the body of an email might read, “Hey, here are the investment lists that we talked about this morning”, and Investmentlist.xls is attached.
    • If you know the sender, I’d open it as long as you really had such a conversation that morning.
  • Be extra vigilant with nonspecific domains in an email address – aol.com, gmail.com, yahoo.com.

If your computer is infected with ransomware, there is no “cure” and in all likelihood your choices will be to either pay the ransom to get the files back or restore the files using a backup made before the infection.

If you believe your computer has been infected because the icons start changing on your desktop (for example, PDFs change to generic Windows icons), then power down the computer immediately, even pulling the power cord out if you have to.  Call your IT provider right away.  Although they cannot remove or retrieve the locked files, they should be able to restore from a backup.

Be mindful of what you click on, open, or view in emails.  Your vigilance will help protect you and your business from ransomware.