Windows Help & Advice - UK (2020-05)

18 |^ |^ May 2020

R

Deal with ransomware

/RFNHGRXWRI\RXU3&RU¾OHV":HKDYH 

the tools and tips to get your data back

ansomware may not

be the threat it once

was – these days,

businesses are more

frequently targeted than

consumers – but that’s

not to say you’re immune. If you needed

reminding, ransomware is a form of

malware that encrypts all or part of your

drive before hackers demand a ransom

to provide you with the decryption key

required to get it back again.

Most forms of ransomware target your

data rather than locking you out of your

entire PC. For those that do, check your

security software’s website for a rescue

disc. Ransomware that targets your files

is trickier to remove – typically you’ll

need to use a rescue disc or boot into

Safe mode with networking to remove

the underlying infection before you can

look at recovering your files.

RHFRYHUHQFU\SWHGÀOHV

If you have a recent backup, you’ll

hopefully find your unencrypted files

are all safely housed here, ready for you

to restore. You may lose some recent

work, but that’s all. That said, if your

backup location is within reach of the

ransomware, it may have been breached

too – this is particularly true of network

drives where you’ve saved the network

credentials in Windows itself.

If your data is synced to the cloud,

then it’s likely the encrypted files have

been uploaded, but if you’re lucky your

cloud provider should have file

versioning enabled, allowing you to

attempt to roll back to the last

unencrypted backup. Instructions vary

depending on your cloud provider, but

taking OneDrive as an example, log into

your account at https://onedrive.live.

com/ and navigate to each file you want

to restore. Select it and click ‘Version

history’ to access all available versions

to preview (where supported) and

download an older version.

Sadly, you’ll have to do this for each

individual file you need to recover if

you’re relying on free storage, but if

you’ve an Office 365 subscription you

should receive a warning that lots of

files have been changed or deleted and

given the opportunity to roll back to

Protect your network shares

$Q\QHWZRUNGULYHHDVLO\DFFHVVLEOHIURP:LQGRZVLV

vulnerable to ransomware. Tightening security means

changing your network shared credentials. First, if you’ve set

XSDXVHURQ\RXU1$6WKDWVKDUHVWKHVDPHXVHUQDPHDQG

password as your Windows account for ease of access, log

LQWR\RXU1$6·VXVHUDFFRXQWVHWWLQJVDQGFKDQJHWKH

password to something unique.

$OVRPDNHVXUH\RX·UHQRWVDYLQJQHWZRUNFUHGHQWLDOV

when you’re next prompted to log on to a network share,

make sure the box ‘Remember my credentials’ is left unticked.

If – as is likely – you’ve previously saved credentials, type

¶FUHGHQWLDOV·LQWRWKH6HDUFKER[DQGFOLFN¶&UHGHQWLDO

Manager’. You should see entries for each saved network

password under ‘Windows Credentials’ – click the downward

arrow button followed by ‘Remove > Yes’ to clear it.

Finally, if you’re accessing the network share through a

third-party app – say your backup tool – you should be able

to securely store your credentials in the app itself, beyond the

UDQVRPZDUH·VUHDFK,Q0DFULXPIRUH[DPSOHVHOHFW¶2WKHU

Tasks > Edit Defaults > Network’ tab to do so.

Office 365 users gain

extra protection against

ransomware with any

files stored on OneDrive.

Delete any stored network usernames and passwords to protect your

network drives from ransomware.