4 Steps to Take After a Ransomware Attack

Ransomware attacks are on the rise. In the first half of 2021, the FBI received more than 2,000 complaints of ransomware – a 62% increase year-on-year. For businesses, being faced with this type of cyber attack can be scary. An attacker has taken your data hostage, which means private or sensitive information has fallen into the wrong hands. 

The hope of regaining access to that data pushes many businesses to pay the ransom. But is that the right step to take? Let’s look at four crucial steps to take after a ransomware attack.

1. Don’t Pay the Ransom and Contain the Damage

When you’re faced with a ransomware attack, it’s tempting to consider making a payment just to get your data back. However, you have no guarantee that the attackers will restore access to your files. 

According to a report from CyberEdge Group, only 19% of those who pay ransomware demands get their files back.

Rather than focusing on the ransom itself, focus on containing the damage. Ransomware can spread through network connections, so disconnect all infected devices from the network, shut them down and disconnect your Wi-Fi. If you’re not sure which devices are infected, consider disconnecting all devices from the network.

Additionally, make sure that you take your shared drives offline until you have the situation under control.

Be on the lookout for new files that may go missing or suddenly become encrypted. 
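One way to watch for files that suddenly become encrypted, as an added example that is not part of the original article: the script lists recently modified files whose contents look random. The function names, the 64 KiB sample size and the 7.5 bits-per-byte threshold are assumptions chosen for illustration.

```python
import math
import os
import time
from collections import Counter

SAMPLE_BYTES = 65536      # assumption: the first 64 KiB is enough to judge a file
ENTROPY_THRESHOLD = 7.5   # assumption: bits per byte; encrypted data sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def find_suspect_files(root, since_ts, threshold=ENTROPY_THRESHOLD):
    """Return (path, entropy) for files under root changed after since_ts
    whose leading bytes look random. Files are only opened for reading."""
    suspects = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or os.path.getmtime(path) < since_ts:
                    continue
                with open(path, "rb") as fh:
                    entropy = shannon_entropy(fh.read(SAMPLE_BYTES))
            except OSError:
                continue  # unreadable or removed mid-scan; skip it
            if entropy >= threshold:
                suspects.append((path, round(entropy, 2)))
    return sorted(suspects)


if __name__ == "__main__":
    import sys
    # Usage: python scan.py <directory> <hours to look back>
    root, hours = sys.argv[1], float(sys.argv[2])
    for path, entropy in find_suspect_files(root, time.time() - hours * 3600):
        print(f"{entropy:.2f}  {path}")
```

Compressed formats such as ZIP archives, Office documents and JPEG images also score close to 8.0, so treat the output as a list of files to review, not as proof of encryption.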

2. Identify the Source 

The next step is to try to identify the source of the attack. Finding the source can be difficult and, in some cases, impossible. However, it is still worth the effort.

Look for any systems that:

  • Haven’t been updated
  • Have misconfigured software

Ask users for input. Who was the first person to notice signs of an attack? Did that person click on a link in an email? What kind of unusual activity did they experience?

Understanding how you became a victim of a ransomware attack can help you implement effective strategies to prevent future attacks. For example, let’s say that the ransomware was due to someone clicking a suspicious link in an email. In this case, additional training can help users identify phishing emails and may prevent future attacks. 

3. Be Transparent with Users 

Following an attack, it’s important to be transparent and honest with users. Alert users through an email announcement or on your company message board. 

If users are working on-site, check in with them to make sure that they’re aware of the situation and the things they need to be on the lookout for.

4. Consider Restoring a Backup

If you want to regain access to your data without paying the ransom, restoring a backup on a clean system is a good place to start. 

Following a ransomware attack, it’s important to implement measures to help prevent future attacks. Our team specializes in cybersecurity in Miami, and we can help implement systems and protocols to help reduce the risk of ransomware attacks in the future.