This article also appears on Windows IT Pro.
A recent USA Today article about the nasty ransomware known as CryptoLocker made some awfully big assumptions about how to remove it. According to them, there’s nothing you can do to remove it. They aren’t exactly right, and we’ll explore why.
While there are, of course, cases in which it can’t be removed, there are certain best practices for defending against it and there are ways to remove some types of ransomware before it really affects the system it’s on. The best bet is to prepare for this type of threat beforehand. Here are two ways to prevent or remove malware, CryptoLocker, or other types of ransomware. Plus, they don’t even require antivirus.
Any business has a workforce with employees of varying tech-savviness. This means that some might not see an infected email attachment as a threat at all—they just don’t know any better. These are the people that could (and probably do) end up with the most problems. The remedy to this is to help employees understand how to spot threats and keep themselves safe while browsing. Any good IT admin can protect from most threats using antivirus, firewalls, and so forth, but no IT admin can protect all employees that aren’t familiar with the basics of cyber safety. Teaching safe computing practices to workers is one of the best ways to prevent threats like CyptoLocker from ever becoming an issue.
As is often the case, preparing for threats ahead of time is pivotal. Many businesses elect to backup critical servers, but might ignore backing up workstations because of the cost or effort involved, but having regular incremental backups of workstations is the best way to defend against threats like CryptoLocker. Instead of worrying about how you’ll get the files decrypted or worrying about actually giving the hackers what they want, you simply restore to a point-in-time before you were infected—it’s dead simple. Those that aren’t backing up might literally pay the price.
The above two solutions involve some pre-planning, but what if it’s too late for that?
Suppose one of the less tech-savvy members of your workforce ends up with CrytoLocker and you’ve got no way to restore a backup. Perhaps the backups you were taking were unreliable and can’t be recovered, or perhaps you didn’t take any at all. In some situations, removing CrytoLocker can be a simple process that starts by using System Restore and then scanning with a solid antivirus solution. You can also try restarting the computer in safe mode with command prompt and deleting the registry keys that reference the files affecting you (check out this article for some of the files extensions commonly associated with CryptoLocker). Of course, there are plenty of occasions where none of the above methods will work. If none of these methods work and you don’t have a point-in-time to restore to, you might be out of luck.
The thought of losing an entire system’s worth of data should at least illustrate the importance of taking care of things ahead of time. As always, thinking ahead about cyber-security is your best bet. If you don’t have a plan that addresses situations where cyber threats sneak past your security (or are downloaded accidentally by employees), it’s time to think about getting one. Ransomware will only become more ubiquitous in the days to come.
If you’re looking for protection against this type of threat, a solid ShadowProtect backup can help. Learn more on our product page.
Photo Credit: barit via Flickr.