Experts do not advise to restart the computer after an encryptor attack

Experts in cybersecurity do not recommend users to restart the computer after an encryptor attack and its entry into the system.

Under certain circumstances, this will play into the hands of the malicious program.

A team of experts from Stanford University, the University of New York, and Symantec base their recommendations on the results of a recent study that surveyed 1,180 adult Americans that became victims of encryption programs.

Read also: Ransomware – How to Decrypt It For Good?

Ransomware is a particularly persisting form of malware that restricts an individual’s access to their computer (e.g.,by encrypting their data) and demands payment to restore functionality.

While the first documented ransomware attack dates back to 1989, ransomware remained relatively uncommon until the mid 2000s. Since then, the attack has been automated and professionalized. It is believed to be highly lucrative, with previous damages estimated at hundreds of millions of dollars per year.

Using a detailed review of a representative sample of 1,180 adult Americans, we estimate that 2–3% of respondents were affected within 1 year between 2016 and 2017. The average amount claimed was $530, and only a small percentage of paid users (about 4% of the number of victims) reported payment”, – say the researchers.

Instead of rebooting, experts advise putting the computer into sleep mode, disconnecting it from the network and turning to professionals for help.

Though user cancompletely turn off the machine, but sleep mode is preferable, since it saves a copy of the memory. Some scramblers written negligently leave copies of encryption keys there.

Sometimes the encryption process is interrupted due to lack of access to mapped drives or a similar problem. In this case, restarting the computer will only do harm, because after the start of the system the malware will try to shut down”, – explains Bill Siegel, CEO and co-founder of Coveware.

Almost 30% of respondents tried to get rid of the malware by restarting the computer. Unfortunately, modern ransomware encrypting victim files does not forgive such errors.

About the author

Valdis Koks

Security engineer, reverse engineering and memory forensics

Leave a Comment