Ransomware? Don't reboot!

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Experts: Don't reboot your computer after you've been infected with ransomware
Rebooting may lead to restarting a crashed file-encryption process, potential loss of encryption keys stored in-memory.

Security experts don't recommend that users reboot their computers after suffering a ransomware infection, as this could help the malware in certain circumstances.

Instead, experts recommend that victims hibernate the computer, disconnect it from their network, and reach out to a professional IT support firm. Powering down the computer is also an alternative, but hibernating it is better because it saves a copy of the memory, where some shoddy ransomware strains may sometimes leaves copies of their encryption keys

Experts: Don't reboot your computer after you've been infected with ransomware | ZDNet
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
Experts: Don't reboot your computer after you've been infected with ransomware
Rebooting may lead to restarting a crashed file-encryption process, potential loss of encryption keys stored in-memory.

Security experts don't recommend that users reboot their computers after suffering a ransomware infection, as this could help the malware in certain circumstances.

Instead, experts recommend that victims hibernate the computer, disconnect it from their network, and reach out to a professional IT support firm. Powering down the computer is also an alternative, but hibernating it is better because it saves a copy of the memory, where some shoddy ransomware strains may sometimes leaves copies of their encryption keys

Experts: Don't reboot your computer after you've been infected with ransomware | ZDNet
Another good reason not to disable hibernation (y)
 

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
Best protection are external backups, my worst case scenario backup is a 3 TB external hermetically sealed buried exactly 22 metres from the centre of Sherwood Forest 3 metres down - It can only be accessed by moonlight on the winter solstice which does have disadvantages in mid summer I admit - But I'm working on another plan - But security isn't a dirty word ...

Edit: I choked on my beer when I saw I need to enable Hibernation !
 

[correlate]

Level 18
Top Poster
Well-known
May 4, 2019
801
Don’t restart your computer after a ransomware attack
According to research conducted by a team of security researchers from Symantec in association with Stanford and New York Universities, it is better not to restart a computer after it suffered a ransomware infection as it can propel the malware infection further.
So, experts are urging the victims to either hibernate their infected PCs or power them down as it helps save a copy of the memory where usually most of the ransomware strains store their encryption keys. Symantec Survey says that experts are recommending against PC reboots as it does worse than good.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top