Prosource | Business Technology Blog

5 Steps to Take in the Event of a Ransomware Attack

Written by Carrie Fuesel | 6/26/18 1:52 PM

Hackers are increasingly targeting businesses to get access to their files, passwords, sensitive data, and more. Ransomware is malicious software that encrypts data on your computer using a key that only the hacker knows. Once the hacker has all your data, they will often demand money for the files to be returned. Ransomware can be costly and scary. In fact, 71% of companies targeted by ransomware attacks in 2017 were infected.[1]

[You Might Also Like: Blog Article -  "How to Prevent Common Cyber Attacks"]

So, what do you do if this happens? Here are five steps to take if your company gets hacked.  

1.  Don’t Panic

The first reaction people naturally have when they realize their computer is infected is to panic. You think the best thing to do is to just pay the people if they demand money, and then move on, right? Wrong. Paying the ransom is no guarantee that you will successfully retrieve all your data. In fact, in 2017, 1 in 5 businesses that paid the hacker never got their files back.[2] Additionally, paying the ransom demonstrates to the criminals that you are willing to pay for your data and may result in you becoming a regular target for attacks.

2.  Disconnect

Some ransomware spreads through network connection. When you first suspect an attack, take the device offline. You can do this by shutting off the Wi-Fi, shutting off your computer, or pulling out the ethernet cord from your computer. The sooner you disconnect from the network, the better your chances are of containing the attack. Disconnecting as soon as you suspect an attack can help decrease the damage. It takes time for the software to encrypt all your files, so disconnecting from the network can stop them from getting to all of them.

3.  Investigate

The next step is to figure out how and why this happened. Ask your employee who got hacked if they visited any new websites they normally don’t, if they clicked on a link in strange email, or anything else that was suspicious.

[You Might Also Like: Blog Article - "How to Spot Common Cyber Scams"]

You may need to hire security consultants to fully determine what happened. This way, you can figure out how the hackers got in, what data, computers, and files were compromised, what was stolen, and if any customers, employees, or business partners were affected. This will also help you determine if it is necessary to hire legal consultants. After figuring out what and who was affected, communicate the problem clearly and quickly to employees and customers.

[You Might Also Like: Blog Article - "Wanacrypt: How a Layered Approach to Security Protected Prosource Customers from a Global Ransomware Outbreak"]

4.  Restore Data and Remove the Infection

Once the virus is detected and you understand where it is and how it got in, you must clean up your infected computers, passwords, data and files, website, and make sure that the virus is gone.  If you have a good backup and disaster recovery plan, all you need to do is recover your computer and restore the data. Having a disaster recovery plan is very important in situations like this. You won’t have to worry about paying a ransom or losing all your data, all your files will be restored from your latest backup.

5.  Check Your Security

The virus most likely got through because of your company’s current security plan. Make sure that your security is actively defending all your critical files and company information. If you haven’t already, adopt a layered security approach to keep your business safe from future ransomware or other cyber attacks. Also, double check that all your defenses and data backup plans are up to date and running efficiently.

These five steps are a great start if your company gets hacked; however, it’s important to have documented plans such as business continuity and backup recovery to protect your business from ransomware attacks. Security breaches and hackings can be much more stressful and complicated if you do not have disaster recovery and business continuity plans that can be activated once an attack occurs.

[1] Crowe, Jonathan. “Ransomware Statistics 2017.” Barkly Endpoint Security Blog, June 2017, blog.barkly.com/ransomware-statistics-2017.  [2] Crowe, Jonathan. “Ransomware Statistics 2017.” Barkly Endpoint Security Blog, June 2017, blog.barkly.com/ransomware-statistics-2017.