Ransomware: Best Practices for Prevention and Response

I got ransomware. I had clicked on a Chrome update. The page said it was urgent and security related. I figured that since I had Malware Bytes running on my machine, I could click "update," even though I strongly suspected it was a virus, and then let Malware Bytes remove the virus. After I ran the "update" I ran Malware Bytes. It found two suspect files, and I had it quarantine them. Then I rebooted and ran Malware Bytes again, and those two suspect files showed up again. That meant the precursors of those files were hidden in registry. I knew from past experience that tinkering with registry was dangerous. I'd been successful at it in the past, and also failed and crashed a machine another time.

I recognized my files were about to be encrypted and that I would get the dreaded message that I had to pay X dollars in bitcoins or forfeit my files.

I decided that since all my files were backed up I would do a Windows reset. I didn't use a recovery stick or disk because I'd been too lazy to create one. My thinking had been that a reset would work in most circumstances.

Well, Windows would not reset, probably because the viruses messed something up, like maybe the master boot record. Or the program that runs reset.

I finally relented and installed Linux. Linux has strengths and weaknesses. One weakness is it doesn't run all the bells and whistles that Windows does. It's strength is that it's more secure than Windows.

Anyway, if I had created a recovery medium - USB drive or DVD - I most likely would have been able to reinstall Windows and overwrite the viruses. Too stupid too late. That's going to be on my tombstone.

Also, if I'd realized that Malware Bytes, while good, wasn't good enough to eradicate those viruses, I never would have clicked the fake update to Chrome.

I got arrogant. IMO, the universe punishes arrogance. Not the first time for me. "Oh Lord, it's hard to be humble ..."