Ransomware is a serious threat for all computer users. This malware encrypts user's data using a private key, preventing them from having access to their data until a ransom is paid; this ransom is usually in the form of Bitcoins. Once the ransom is paid, the attacker will use the private key to decrypt the user's data files; but this is all done at the attacker's leisure. The victim has to trust that the attacker will unlock the files.
Recovery from a Ransomware attack is possible but it requires some forward thinking and preparation:
- Have a backup of all documents and files in a separate physical location; this means that the backup cannot be saved on the same computer it was backed up from. Store this backup somewhere else; a safe, in the cloud etc...
- Have a cloned image and either: A) Creating a cloned drive (or also known as a mirrored drive) or B) saving that cloned image file to a external location.