Ransomware has become a buzzword in cybersecurity quarters over the last two years and rightly so. If you have suffered a cryptovirological attack, then how you deal with it at the onset will decide the extent of damages and subsequent ransomware removal and recovery measures. In this piece, we will try to discuss how one should devise their initial response to mitigate cryptovirological damages.
Stop the Lateral Movement
The majority of ransomware strains try to spread across the network to affect as many as devices as possible. For that matter, it is crucial to isolate the infection. The simplest way to do this is by disconnecting each and every device from the central network. Apart from disconnecting them physically, also check wireless connections (Wi-Fi, Bluetooth and near-field communication etc) and close them off. It is the least that you can do upon the detection of the cryptovirological script in your network to stop it from further proliferation.
Source Identification
Identifying the point of entry of the ransomware can eliminate half of your work, which entails the tracking down of the infection across the whole network. Subsequently, it will also help you to focus your ransomware removal measures in the right direction which will reduce the extended downtime. To detect the entry points, do this:
- Check alerts on anti-malware and intrusion detection software
- Look for suspicious email reports
- Check web browsers (some cryptovirological payload are dropped through compromised websites)
- Also, directly ask people since many times these attacks go unreported and undetected
Classification of ransomware
The third step of your initial response should be the classification of the cryptovirological script used in the attack. Find out what distribution technique and encryption module has been used to lock down the files. The expertise of ransomware removal experts can also come in handy here.