Security Pros do not recommend that users reboot their computers after encountering a ransomware attack as this may help the malware in certain circumstances.
Instead, experts recommend that victims place the PC into hibernation mode, disconnect it from their network and reach out to an expert IT support firm. Powering down the pc is also an option however hibernating is advised as a copy of the memory is saved in hibernation mode and poor ransomware sometimes leaves a copy of its encryption key.
The advice from experts comes on the back of a survey of ransomware victims in the United States where nearly 30% of the victims chose to reboot their computers following the ransomware attack.
|Restored computer from backup||22%|
|Removed by someone else||13%|
|Removed by Anti-Virus software||5%|
Rebooting in safe mode can work against old screen locker types of ransomware however it is not recommended when dealing with modern ransomware versions as modern versions encrypt files.
Based on the reports from ZDNet: Bill Siegel, CEO and co-founder of Coveware said that ransomware is typically designed to „crawl through attached“ drives. Any permission issues could trip it up therefore halting the encryption however, rebooting the system could help resolve the error that stopped the ransomware in the first place. In other word’s Rebooting the system could essentially allow the ransomware to „finish its job”.
Ransomware attacks and their variants are rapidly evolving every day. We now know that the highest percentage of PC’s infected by ransomware are after a reboot. Following a ransomware attack, the best option is to put your PC to hibernation mode as the hibernation mode saves a copy of the memory which can be extremely useful as poor ransomware sometimes leaves a copy of its encryption key.
Thank you for reading and for more details on our products and services feel free to visit us at intellope.com. You may just find what you need to boot your business forward.