Ransomware Checklist

Barracuda, whose software I use for the IT side of my business, provides a checklist for response to ransomware attacks. This checklist is aimed at managed service providers, which is what I have done since 1995, though I’m slowing down now.

I had two clients in that time hit by ransomware attacks. Both recovered, primarily because of good backups that were isolated from the system(s) compromised. One of those clients required a couple days of work to straighten out because they did not follow the checklist. Immediately isolating potentially infected systems, as this checklist suggests, is critical. Notification was delayed by about 8 hours in one case, and in fact I discovered the infection myself. That required a long time to get all systems cleaned up and ready to go. In the other case I was notified within minutes and the user immediately shut the infected system down.

Individual users are much less likely to be hit by ransomware attacks, but that does not mean it won’t happen. If you suspect you have responded to a bad email, such as through a questionable link, or if you have opened an email attachment, shutting down the machine and getting an expert to check it is a good precaution. If your computer or other device is behaving in a manner you consider weird, a precautionary scan is good.

Of course, a major key is to have backups stored where they are not accessible from the machine. Online backups are good if generational copies of files are kept, as Google Drive or Microsoft OneDrive do. The safest, however, is to have a copy of any critical data on a device that you disconnect from your computer and store safely.

Vigilance is useful. As I have said to my clients for years: Paranoia has served me well!
