Security professionals said that rebooting a computer after a ransomware attack could restart a crashed file-encryption process and could cause the loss of encryption keys stored in memory. Instead, victims should hibernate the computer or disconnect it from the network, the experts recommended.
According to a research report, powering down the computer is also a good idea, but hibernating is better because it preserves a copy of the ransomware strain's memory. The report revealed that among 1,180 U.S. users who fell victim to ransomware, almost 30 percent chose to reboot their computers to deal with the attack.
The report stated that a ransomware recovery process has two stages. The first is finding the ransomware’s artifacts, such as processes and boot persistence mechanisms, and removing them from the infected host. The second is restoring the data, if a backup mechanism is available.
“The classical paradigm to defend against malware attacks has traditionally been victim-agnostic and reactive, with defenses focusing on identifying the attacks like phishing emails, malicious websites, and files,” the report stated.
Ransomware has received considerable news coverage in recent years, in part due to several attacks against high-profile corporate targets. Multiple governments have also fallen victim to ransomware attacks in recent times. In July this year, Louisiana declared a state of emergency after a wave of ransomware attacks hit school districts. The incident affected school systems in Sabine, Morehouse, and Ouachita parishes in North Louisiana, infecting the schools’ computer and network systems with ransomware. The Emergency Declaration allows Louisiana’s cybersecurity experts to assist local governments in securing their network systems.
Recently, the Texas Department of Information Resources (DIR) revealed that around 23 local government organizations in Texas had been hit with a ransomware attack. “On the morning of August 16, 2019, more than 20 entities in Texas reported a ransomware attack. The majority of these entities were smaller local governments,” the DIR said in a statement. “The State of Texas systems and networks have not been impacted. It appears all entities that were actually or potentially impacted have been identified and notified.”