HKCert
HKCERT logo Hong Kong Computer Emergency Response Team Coordination Centre

HKCERT logo Hong Kong Computer Emergency Response Team Coordination Centre

Security Guideline

Help: How to handle ransomware infection

Release Date: 06 / 04 / 2018
Last Update: 06 / 04 / 2018

The following information is about preventing and handling ransomware infection.

 

Cyber criminals make use of ransomware to encrypt computer files, and demand for ransom from the victim for decrypting the files. But even if the victim pays, there is no guarantee that the files can be decrypted.

 

In order to minimize the risks of ransomware, you should:

  1. Perform regular offline backups on important data
  2. Ensure that OS, software and anti-virus signatures are kept updated regularly
  3. Do not open suspicious email attachments and website links

 

If your computer is infected with ransomware, you should immediately disconnect it from network, including wifi connection, and remove any external storage such as USB hard disk. If you want further assistance from us, please prepare the following information:

  1. The purpose of the affected computer, such as server or desktop computer, and also OS version.
  2. Screenshot of ransom message.
  3. The file name and extension of the encrypted files

Related blog or guideline:

  1. Beware of WannaCry Ransomware Spreading
  2. Fight Ransomware Campaign