Ransomware victim? Read this!
Translated from the Korben article
REvil / Sodinokibi, GandCrab, Egregor and Sekhmet ransomware will not stop, as 1/3 of the victims pay the ransom.
The new threat model is that the data is also exfiltrated.
For example, with REvil, some victims whose data was exfiltrated paid the ransom, and the data was published anyway.
The next threat will be DDoS attacks to force payment.
My mailbox is always full, and desperate people constantly write to me because they "caught" ransomware.
Here's my advice:
- Take a deep breath
- Write down the name of the ransomware and keep it somewhere
- Remove the hard drive from your computer and put it in a box
- Install a new hard drive
- Make offline backups of your computer and install an antivirus
- Finally, take a look from time to time at No More Ransom to see if a file decryptor is available for your ransomware
The decryption tools are on the No More Ransom page.
For example, the decryptor for GandCrab (1.5 million victims) is available.
If you followed this advice and kept the cursed disk, it may be time to reclaim what you owned.