First steps after a ransomware attack: instructions to follow

If you’re reading this, you have unfortunately been the victim of a ransomware attack. Our company has helped in hundreds of ransomware cases and has experience to share, so we’ve put together a guide with a few first steps to take after the attack:

1. Determine the source: 80% of attacks come in through unsecured Remote Desktop access. The other 20% arrive by email or by running malware.
If Remote Desktop access to the server was enabled in a way that was NOT SECURE, this will have been the source.

 

2. Close the remote desktop ports on the router and/or disable Remote Desktop Services on the affected computer. Never use that system again, because it is not safe and you will be hacked again. From now on, ALWAYS connect through a VPN; otherwise this will happen again, because hackers use brute-force tools to obtain passwords.

 

3. Make sure you have closed remote access to the server, because if you have not, another hacker could encrypt on top of what is already encrypted, or the encryption process could re-encrypt on top of it.

 

4. Make a USB copy of the IMPORTANT encrypted files on your computer, and store it in a safe place disconnected from any computer, such as a drawer.
This copy is vital in case of another disaster, or in case the decryptor corrupts the files.

 

5. Verify that, in every directory with important data, the hacker’s instruction file shows the same hack ID.
If there are different IDs, there have been several infections, with different encryption keys or different hackers.
6. Check the server and its processes, and reinstall an antivirus, because the hacker has probably uninstalled it.
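
The check in step 5 can be scripted over the USB copy or the affected shares. The following is an added example, not part of the original guide; the instruction-file name pattern, the `ID:` line format and the sample note are assumptions, since they differ per ransomware family.

```python
import os
import re
import sys
from collections import defaultdict

# Assumptions (not from the guide): note file names and the way the ID is
# written differ per ransomware family; adjust both patterns to the note found.
NOTE_NAME = re.compile(r"(readme|decrypt|restore|recover).*\.(txt|hta|html)$", re.I)
ID_LINE = re.compile(r"\bID\b[^:\r\n]*:\s*([A-Za-z0-9_-]{6,})", re.I)
NO_ID, UNREADABLE = "<no ID found>", "<unreadable>"
# Constructed sample of the assumed note format (not a real ransom note).
SAMPLE_NOTE = "Your files are encrypted.\nYour personal ID: A1B2C3D4E5\n"


def collect_ids(root):
    """Map each ID found in instruction files under root to the directories holding it."""
    ids = defaultdict(set)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not NOTE_NAME.search(name):
                continue
            try:
                # Read as text only; cap the size, notes are small.
                with open(os.path.join(dirpath, name), encoding="utf-8", errors="replace") as fh:
                    found = ID_LINE.findall(fh.read(65536))
            except OSError:
                found = [UNREADABLE]
            for victim_id in found or [NO_ID]:
                ids[victim_id].add(dirpath)
    return ids


def single_infection(ids):
    """True only when every note was readable and all of them carry one and the same ID."""
    return len(ids) == 1 and NO_ID not in ids and UNREADABLE not in ids


def uncovered_dirs(root, ids):
    """Directories that contain files but no instruction file: check these by hand."""
    noted = set().union(*ids.values())
    return sorted(d for d, _s, files in os.walk(root) if files and d not in noted)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    ids = collect_ids(root)
    for victim_id, dirs in sorted(ids.items()):
        print(f"{victim_id}: {len(dirs)} directories, first: {sorted(dirs)[0]}")
    print("One ID everywhere" if single_infection(ids) else "IDs differ or are missing: review by hand")
```

Run it with the root of the copied data as its only argument; it only reads the instruction files and does not modify anything.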
If you are in this situation and need our help or a no-obligation quote to:

_ Clean and protect the infected server.
_ Analyze if there is any possibility of recovering your data
_ Protect your network and install a secure VPN network
_ Install a 30-day demo of a good backup system so you never lose data again

Contact us at ransomware@soluciones.si and we will give you a quote without obligation.