Ransomware is a malicious program that encrypts a victim’s data or system, and blocks access to it until a ransom is paid. Typically, ransomware spreads through phishing email attachments and even malware-laced websites.
According to global market intelligence firm IDC’s 2021 Ransomware Study, 37% of organizations around the world suffered some form of ransomware attack in 2021. If your business is ever attacked, it’s important to recover as quickly as possible and protect your company from future attacks. Here are some things you need to do:
1. Isolate the affected devices
Ransomware can spread from one computer to another connected to the same network, so it’s best to immediately isolate any infected devices. Do this by unplugging the Ethernet cable, disconnecting them from your Wi-Fi network, or turning them off completely.
Disconnecting infected devices from your network reduces the chances of other computers getting infected, thus minimizing the potential damage the attack can do to your business.
2. Do not pay the ransom
Even if the ransom note claims that your files will be decrypted after you pay a certain amount, do not give in. This is because there's no guarantee that you'll regain access to your files. In fact, a study by research and consulting firm Gartner found that companies that pay the ransom only manage to recover 65% of their data. Paying will also only encourage the cybercriminals behind the attack to target more individuals and businesses.
3. Report the ransomware attack to law enforcement
Report ransomware attacks to your local police department and the FBI Crime Complaint Center. Law enforcement agencies may be able to help catch the perpetrators and get your money back if you paid the ransom.
4. Don’t depend on decryption programs
Even if you find a decryption program, it might not completely decrypt all of your files, and the malware may persist on the system. Instead, reformat or replace your hard disks if you have a backup system in place. Replacing them means you don’t have to depend on decryption programs, and you’re sure that the new ones are malware-free.
After reformatting or replacing your hard disk, use your backups to recover your apps and files. Use your off-site or cloud-based backups if you have them, as these are likely not affected by the ransomware attack.
If you don’t have a proper backup system, you can partner with a reliable managed IT services provider like Complete Document Solutions. We will help you secure your data on our off-site servers so you can easily recover your files even after a ransomware attack.
5. Check if data was stolen
The ransomware that infected your devices may steal your data and upload it to the dark web to be sold for a profit. You can verify this by checking your firewall for signs of data exfiltration, which typically appear as large file transfers sent to an unusual location. If your data was stolen, report the incident immediately.
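As an added illustration that is not part of the original article, here is a short Python script that applies this check to an exported firewall log: it totals outbound bytes per source and destination and lists large transfers to destinations you don't normally use. The log columns, the internal and known-destination address ranges, and the 500 MB threshold are assumptions to replace with your own, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample export (not real traffic).
# Assumed columns: timestamp, source IP, destination IP, destination port, bytes sent
SAMPLE_LOG = """\
2024-05-01T01:02:11Z,10.0.0.15,203.0.113.50,443,200000000
2024-05-01T01:09:40Z,10.0.0.15,203.0.113.50,443,200000000
2024-05-01T01:17:05Z,10.0.0.15,203.0.113.50,443,200000000
2024-05-01T01:25:33Z,10.0.0.15,203.0.113.50,443,200000000
2024-05-01T02:00:00Z,10.0.0.22,198.51.100.10,443,2000000000
2024-05-01T02:30:00Z,10.0.0.15,10.0.0.5,445,3000000000
2024-05-01T03:10:00Z,10.0.0.30,192.0.2.77,443,5000000
this line is malformed and is skipped
"""

# Assumptions to replace with your own values.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
KNOWN_DESTINATIONS = [ipaddress.ip_network("198.51.100.0/24")]  # e.g. off-site backup
THRESHOLD_BYTES = 500_000_000  # flag pairs that sent at least this much in total


def in_any(ip, networks):
    return any(ip in net for net in networks)


def find_exfil_candidates(log_text, threshold=THRESHOLD_BYTES):
    """Return (source, destination, total_bytes, flows) for large transfers
    to external destinations that are not on the known list, largest first."""
    totals = defaultdict(lambda: [0, 0])  # (src, dst) -> [bytes, flow count]
    for line in log_text.splitlines():
        try:
            _ts, src, dst, _port, sent = line.strip().split(",")
            dst_ip = ipaddress.ip_address(dst)
            sent = int(sent)
        except ValueError:
            continue  # malformed or blank line
        if in_any(dst_ip, INTERNAL_NETS) or in_any(dst_ip, KNOWN_DESTINATIONS):
            continue  # internal traffic or an expected destination
        # Sum per pair so a transfer spread over many sessions still shows up.
        totals[(src, dst)][0] += sent
        totals[(src, dst)][1] += 1
    hits = [(s, d, b, n) for (s, d), (b, n) in totals.items() if b >= threshold]
    return sorted(hits, key=lambda h: h[2], reverse=True)


if __name__ == "__main__":
    for src, dst, total, flows in find_exfil_candidates(SAMPLE_LOG):
        print(f"{src} -> {dst}: {total / 1e6:.0f} MB over {flows} flows")
```

On the sample data, only the four 200 MB transfers from 10.0.0.15 are listed; the larger transfers to the backup range and to an internal server are treated as expected.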
6. Keep everyone in the loop
Inform everyone who might be affected by the ransomware attack, such as your employees, suppliers, service providers, and customers. Let them know what you’re doing to recover from the attack and that they can expect limited or no operational disruptions.
7. Determine what happened
Conduct an investigation to determine how the ransomware attack happened so you can better prevent future attacks.
For instance, you might discover that the attack happened after one of your employees opened a malware-infested file. To mitigate the risk of future ransomware attacks, you need to train your staff to be better at recognizing and avoiding potentially malicious emails and files.
Need help protecting your California business’s IT infrastructure from ransomware and other cyberthreats? Partner with Complete Document Solutions! We will detect and repel malware in real time to ensure that it won’t affect your IT infrastructure. Talk to us today to get a FREE network and IT assessment.