
What to Do When Your Business Is Hit with Ransomware

Last updated: 13 Apr 2023

Imagine waking up to an unfamiliar wallpaper on your desktop demanding that you pay up, or else your data will be permanently deleted. What will you do? Don’t panic. Being deliberate is the fastest way through: with the clock ticking, you need to move precisely to limit the damage.

Ransomware is one of the oldest kinds of malware, and it has reaped billions over the past decade. Thousands of companies have fallen into the traps of ransomware masterminds, thinking that once they pay the ransom they can quickly go back to normal. That is not the case. These attacks go beyond losing access to your data: the attack has already caused devastating damage to your company. Even while the infected devices are still usable, the temporary halt is a looming disaster for your operations and your company’s reputation.

With that in mind, there are alternative ways to prevent a ransomware attack from happening in the first place. The best defense is planning ahead and keeping a robust defense that will keep your business up and running regardless of what comes your way.

There are important steps you can take to protect your company against a ransomware attack.

1. Take the infected computers and servers off the network.

Leave the machines powered on, but don’t allow the criminals to spread to other computers or file-sharing services. Priority number one is temporarily locking network sharing and checking file servers to see how far the damage has spread. Search for newly encrypted files with out-of-the-ordinary extensions such as .cry, .zepto, or .locky.

2. Find patient zero or the first person hit with the attack.

Ransomware can lock down a computer in minutes and start spreading quickly. If you can quickly determine the source and pull that person offline, you can limit the damage.

3. Don’t immediately pay the ransom.

While we realize it is tempting to pay the amount requested and get back to work, we, like most others, don’t recommend paying the ransom. Whatever you decide, we don’t encourage engaging with the criminals on your own.

4. Take a picture of the screen or ransom note.

If you don’t immediately see a lock screen, look in folders for a new TXT or HTML file with a name that says something like “decrypt” or “instructions.” You’ll need this later when you file a police report.

5. Determine the kind of ransomware.

You’ll need to know whether you are dealing with encrypting ransomware, screen-locking ransomware, or something pretending to be ransomware. There is usually a screen that makes it seem like you can’t access anything, but it is worth trying to access the files on your computer and the network.

6. Find out what is locked.

Is your data stored offsite and accessible? Are your applications working? Determine if your backups are available. If you can access your business applications and data through network backups, you can feel good about the decision not to negotiate.

7. Clean the machine with antivirus or anti-malware software to remove the ransomware.

Once you’ve taken this step, there is no going back and deciding to negotiate with the criminals for the release of your data. It does allow you to move on and start working on getting things back.

8. Determine the type of ransomware.

There are a few online sites that will help you with this effort. Crypto-Sheriff and ID Ransomware are two popular sites that will let you upload the encrypted files and use those to figure out the exact version of the ransomware that hit you.

9. Look for a decryption tool.

Sometimes the ransomware is poorly coded, and someone else has already cracked it and released a decryptor tool. No More Ransom is one site to check.

10. Explore forensics and data recovery companies.

It is worth taking a little time to talk with these experts to see if they’ve encountered this ransomware and how they’ve handled it.

11. Don’t negotiate on your own.

If everything fails and you’ve decided to pay the ransom, we recommend working with experts to negotiate. It isn’t a good idea for business leaders to start engaging with the criminals on their own.

12. Don’t assume paying the ransom is the end of the situation.

You need to be sure your files are clean, and the criminal doesn’t have a backdoor into the system. It would be terrible to relive the experience in three months when the felon decides to slip in and repeat the process.

Don’t assume that once you survive this attack, you are off the hook. If you don’t bolster your defenses, there is an equally good chance that you will be hit again. After the situation is resolved, you’ll want to begin working to boost your cybersecurity protections immediately.
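As an added example (not from the original article), this read-only Python sweep supports steps 1, 2 and 4: it walks a file share, lists files with the extensions named in step 1, finds TXT/HTML ransom-note candidates, and reports the earliest-modified hit as a pointer toward where encryption began. The function names and the sample share are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Step 1 extensions and step 4 note names, as given in the article; extend as needed.
SUSPECT_EXTENSIONS = {".cry", ".zepto", ".locky"}
NOTE_EXTENSIONS = {".txt", ".html", ".htm"}
NOTE_PATTERN = re.compile(r"decrypt|instruction", re.IGNORECASE)


def triage(root):
    """Read-only sweep of root: suspect files, ransom-note candidates, summary."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            try:
                mtime = path.stat().st_mtime
            except OSError:
                continue  # unreadable or vanished file: skip, keep sweeping
            if path.suffix.lower() in SUSPECT_EXTENSIONS:
                encrypted.append((mtime, str(path)))
            elif path.suffix.lower() in NOTE_EXTENSIONS and NOTE_PATTERN.search(name):
                notes.append(str(path))
    encrypted.sort()  # oldest first: the earliest hit hints at where it started
    per_dir = Counter(os.path.dirname(p) for _, p in encrypted)
    return {"encrypted": encrypted, "notes": sorted(notes), "per_dir": per_dir,
            "first_hit": encrypted[0][1] if encrypted else None}


def build_sample_share(root):
    """Constructed sample data: a fake share with hand-set timestamps."""
    layout = {"finance/q2.xlsx.locky": 1_700_000_060,
              "finance/q1.xlsx.locky": 1_700_000_000,
              "finance/_HELP_instructions.html": 1_700_000_061,
              "hr/install_instructions.pdf": 1_600_000_000}
    for rel, mtime in layout.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("constructed sample\n")
        os.utime(path, (mtime, mtime))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_sample_share(tmp)))
```

Run it from a clean machine against a read-only mount of the share; the owner of the file in `first_hit` is a starting point for finding patient zero, not proof.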


Steps to prevent ransomware in the future:

Step 1: Get your network assessed

A network assessment gives companies a holistic view of their overall IT health, covering infrastructure, management, security, processes, and performance. It lays out a comprehensive view of your current IT state that helps identify opportunities for improvement. The goal is to achieve a level of cyber resiliency by using the right technologies that can assist in detecting anomalies that are out of the ordinary.

Step 2: Prepare a recovery plan

While being proactive is vital to any cybersecurity strategy, the people perpetrating these attacks are as innovative as they are dubious, which means you are still at risk of an attack. This is why a recovery plan is also important.

Step 3: Educate your end-users

More than 60 percent of all malicious emails come in the form of a ransomware attack. Knowing this, end-user education is a key weapon in countering ransomware attacks. Train users to tell legitimate emails from spam, to think before clicking, and to open attachments with caution.

Step 4: Test your plan

Have you tested your backup plan? Most organizations realize the importance of this, yet have not tested their plans. When the attack happens, they don’t know how to react. With cloud-based data recovery and business continuity solutions, you can be completely covered when a cybercriminal works their way around your firewall and other protections.

Step 5: Monitor proactively

When it comes to ransomware, solutions are not one-size-fits-all. It is best to monitor and remediate proactively, whether that means scheduling regular backups, patching servers monthly, or more. The goal is to achieve a level of cyber resiliency by using the right technologies that can assist in detecting anomalies that are out of the ordinary.

Following these steps will help your organization prevent ransomware disasters from happening. Take the time now to prepare for the future, and reap the benefits later. Partnering with a managed IT provider should also be on your list. They have a dedicated group of experts who know how to assist you with the latest technology without exposing you to new risks.

At BlackPoint IT Services, we allow our clients to evolve with the cloud. As businesses scale for the future, staying safe while keeping costs under control can be complicated. Our goal is to make it easy for you and focus on what matters most.