Solved

Details on how to recover from a Ransomware attack


Hello all,
I'm fairly new to Webroot. I had a couple of questions on what is needed to recover a system that is hit by Ransomware. Sorry, I've searched until I'm sick of looking for answers. I decided to try posting my questions instead. If there is a guide for this already, can someone please point me in the right direction?
 
Say I get hit with Ransomware and my entire system is encrypted and no longer usable.  
1. What steps do I need to do at that point?
2. Do I need to log into my.webrootanywhere.com/ from another PC and try to recover my system?
3. What information do I need to provide to Webroot support for them to try to remotely restore the system?
 
Basically I want to create an "emergency recovery kit" with details on recovery steps, Webroot contact information, my account info., etc.  I want to keep this information external to my computer so that if it goes down, I have all the information needed to start the attempted recovery of my down system. 
 
Thanks!
 
 
 
 

Best answer by JP_ 17 May 2017, 20:09


28 replies

@ wrote:
I expect you probably know this already but just in case ... are you aware of point #4 in the following article: http://www.digitalcitizen.life/4-ways-boot-safe-mode-windows-10 ?
Thanks Muddy. But at the end of option #4 it says this;
 
"If you have modern PC with a UEFI BIOS and a fast SSD drive, there's no way you can interrupt the boot procedure with your keypresses. On older PCs, with a classic BIOS and no SSD drive, pressing these keys might still work though."
 
My laptop (which runs Windows 10) is UEFI and also has an SSD. That's the computer I was trying to access 'Safe Mode' on. I was finally able to get there in a less-than-optimal way, though. Apparently Windows 10 will boot into "Automatic Repair" mode (which leads to Advanced Mode and Safe mode restart options) after two unsuccessful boots. So this requires doing a 'Hard' reset twice. Seems a little extreme, but so far this is the ONLY way I have found to access 'Safe Mode' from a powered-off state in Windows 10. :@
 
Cheers,
BD
Hi Muddy7
 
No worries...the more the merrier...just let me know when.
 
Regards, Baldrick
@ wrote:

Thanks Muddy. But at the end of option #4 it says this;
 
"If you have modern PC with a UEFI BIOS and a fast SSD drive, there's no way you can interrupt the boot procedure with your keypresses. On older PCs, with a classic BIOS and no SSD drive, pressing these keys might still work though."
 
My laptop (which runs Windows 10) is UEFI and also has an SSD. That's the computer I was trying to access 'Safe Mode' on.
Yes, that was the point I was trying to make. That is why I added in my "Edit" paragraph that I was surprised that although I can't successfully execute Safe Mode with the F8 function key from my Windows 10 UEFI+SSD device (as expected), I CAN execute the Select Boot Device and the Go to UEFI function keys (unexpected)! Sorry! It seems my post was not very clear :(
 
Incidentally, on the subject of Ransomware attacks, I found, while browsing Google News, this article with an interesting slant on Microsoft's portion of blame for Wannacry and other malicious hacks: http://newsclick.in/wannacry-nation-states-and-what-president-microsoft-forgot-mention.
 
  • One surprising fact it cites (surprising for me though perhaps not for others better informed on this subject): "...calls for banning cyber weapons...have been issued by Russia and China for quite some time. It is the US which has hitherto refused to move in this direction."
  • One disturbing fact (again, for me!): "In India, it is estimated that even now, 70% of ATM's are running on old, unsupported XP"
  • And the central point of the article: the writer's (arguable) contention regarding Microsoft's discontinuing its support for old products: "Why should companies, whose products are still very much in the market with significant shares, be allowed to walk away from their products? Should its monopoly over a certain product allow it to force its users to pay again and again for new software licenses, which quite often add very little to the users? Or in the worst case, as in the Microsoft Vista case, even degrades their performance? The time has come to insist that if a company “abandons” its products, it must open source its software and allow others to provide the support."
