According to research conducted by a team of security researchers from Symantec in association with Stanford and New York Universities, it is better not to restart a computer after it suffered a ransomware infection as it can propel the malware infection further.
So, experts are urging the victims to either hibernate their infected PCs or power them down as it helps save a copy of the memory where usually most of the ransomware strains store their encryption keys. Symantec Survey says that experts are recommending against PC reboots as it does worse than good.
As per the study involving 1,180 US adults who fell victim to ransomware in the past two years, 30% of them decided to restart their PCs which deteriorate the chances to recover.
Study says over 18% of victims used online tools to free up their database from the file encrypting malware while 22% of them chose to restore the data from backups. Also, 13% of them agreed they took the help of an expert to remove the malware while 5% of them decided to either format or remove the malware using Anti-Malware solutions.
The good news is that only 4% of them decided to pay a ransom while 3% chose to go for other means such as buying new hardware and software and such.
For those infected with older versions of screen locker ransomware, the best way is to reboot their system in a safe mode. However, this advice doesn’t work in cases where PCs are infected by modern ransomware versions
So, what’s your call on this issue….?
Note- Ransomware recovery takes place in two modes- first is to disable processes and mechanisms which are encrypting the files from the infected host. And second is to restore data from data backups. But if a restart is conducted in this phase, then the data recovery process has to be done from scratch….isn’t it? Wonder what experts say on this recovery procedure?