What follows is a cautionary tale from someone who was targeted by Ransomware:
The corruption of my computers by Ransomware
We are a payroll bureau, and totally reliant upon the use of computers. The first indication of any corruption was the ransom notice appearing on a screen. It came in the form of a demand, a telephone number quoted, and a time limit by which the call had to be made. After the time allowed to make the call had expired, all the files on the machine would be rendered useless. It was not possible to clear the message from the screen, thus rendering further use impossible. Closing and restarting was also not a possibility. I promptly closed all other machines on the network to ensure there was no further contamination. This virus had managed to circumvent all the protective software on the machine. The whole system was taken out of use, and a backup system was used to enable us to continue the payroll business on an emergency and limited basis.
The virus, I believe, came in on a spurious invoice that I opened believing that it was just one of many I received from suppliers of clients that come in on a regular basis. There were no obvious signs that there was anything unusual about it until it failed to open any invoice.
What to do next.
The advice I received from the experts said make the call and pay. I could not understand this, as I fully expected that, having once paid, I would be targeted again. In the event, the corrupted machine was taken out of service, even though it was the command machine, the hard drive was taken out and destroyed, and a rebuild was undertaken with utmost haste. New hardware and operating system were installed, as was all the working software. Data was not a problem as multiple copies are always maintained. It took 4 days to be fully up and running again, and another week or so of ensuring nothing else was infected. A lot of attention was given to what protective software was to be used so that this would not happen again.
The true cost of this sort of infection is difficult to quantify. New hardware, drives, memory, operating system and incidentals probably did not cost more than £500.00. Time and disruption were rather more. Without a complete copy of data, that was kept away from the infected machine, the task would have been impossibly long and complicated, and likely not possible within the timeframe that would have been given by clients and various authorities. The real cost lay in the number of hours/days that it took to reload everything and to ensure it all performed OK and the data used was OK.
There is little one can do about what comes in on a spurious email, but the protection you run must be fit for purpose. All the years of keeping the data meticulously backed up were crucial to being able to be running again so soon and without data loss. I do not know what cost the instigators would have exacted, or indeed if the corrupted files would ever have been fully cleaned. All the updates of both hardware and operating systems have been set against normal running costs and we were not down too long. Data backup certainly was the key to a difficult situation turning into a disaster.