Ransomware Detection And Removal

Ransomware is the most urgent cyber threat targeting organizations today. Due to devastating ransomware attacks, disruption to critical infrastructure services is an ever-present threat. Protection against ransomware should be core to any cybersecurity defense strategy.

Our ransomware prevention page outlines how Critical Insight's cybersecurity experts work with each organization we protect to ensure adequate protections are in place.

What should you do if ransomware evades your protection measures?

Responding to a Ransomware Infection

Critical Insight has the experience to advise you on your options and course of action if ransomware does infect your IT systems. Our cybersecurity experts have been called into numerous organizations to assist them in response to attacks, and to help them decide how to proceed to return to operational status.

We also have extensive experience in detecting ransomware attacks early on the networks of organizations we currently protect. Procedures are in place to stop attacks in their tracks and to remove both the ransomware and the cybercriminals from the network.

Every organization, network, and set of IT systems is unique, so the response to a successful ransomware infection will differ for each. Broadly, however, organizations have three main options for removing ransomware. Critical Insight's cybersecurity experts can consult and liaise with any organization that has suffered a ransomware attack, and help it decide on the best way forward to eliminate the ransomware.

Removing Ransomware

The best way to deal with ransomware is to detect it early and prevent it from spreading and disrupting IT systems. If the worst happens and encryption has rendered IT systems inoperable, IT teams can follow three paths to get back to normal.

  • Make the ransomware payment - we can advise on whether paying the ransom is advisable. We are generally against paying the criminals but understand why some organizations see it as the only option. Bear in mind that about 40% of the organizations that pay the ransom never receive a way to decrypt their files. Let our business and security experts advise you before taking this step.
  • Restore encrypted files from backup - in some cases system administrators can delete the encrypted files and restore copies from the last known-good backup. Whether this works depends on whether the ransomware variant encrypts selectively or encrypts everything. The ransomware itself must also be removed for this selective restore approach to succeed. In reality, this approach is often unavailable, and the option below will need to be followed.
  • Wipe infected systems - this is the only surefire approach to get systems back to an operational state. Resetting the device, formatting the drives, reinstalling the operating system, and restoring a backup taken before the attack will get systems back to normal. Specialist tools will need to be used to ensure that the ransomware does not persist in a location that the reset does not clean, as any remnant could reinfect the device.