Ransomware attacks can happen to anyone at any time, but don’t feel helpless if your organization falls prey to a cyberattack.
If you’re the victim of a ransomware attack, there are five steps you can take to respond appropriately.
Disconnect any infected device from your main network, including all Bluetooth devices and SMB connections. This will help prevent lateral movement from ransomware and keep other devices on your network safe.
When reporting a ransomware attack, be sure to gather as much information about the attack as possible, including email addresses, IP addresses, and triage information. One great way to get a lot of evidence is to provide an image of your server. The following is an additional basic checklist of information to collect for cyber forensic experts:
Reporting ransomware attacks is often required by law, depending on your region and/or industry. Once you’ve gathered all the data you can, it’s time to file your report to the FBI. You may also file a report with the FBI’s Internet Crime Complaint Center (IC3). They will request the following information:
If you don’t have a backup of your data, there is no guarantee that you will be able to recover it, even if you pay the ransom. The best way to recover your data if backups are not an option is to partner with law enforcement and/or cyber forensic experts to find decryptors which may be able to remove the encryption from your data.
Many “outdated” ransomware threats have decryptor keys available, which can be a solution to some ransomware scenarios. However, it could still leave your business vulnerable to more sophisticated attacks from the same bad actor.
The more victims of ransomware partner with law enforcement and cyber security experts, the more everyone can better understand and assist with ransomware attack recovery. However, the best solution for any organization is to prevent ransomware attacks in the first place.
Lighting may not strike twice, but ransomware repeats. Even those who pay ransom may soon face another attack, which is one of many reasons why it is seldom advisable to simply pay a ransom.
The best thing to do is take preventive action against ransomware by partnering with cybersecurity service providers to ensure your organization is well protected. Look for services that offer cloud-based backup solutions as well as security awareness training that can help empower everyone in your organization to avoid falling into traps that ransomware often sets, and how to appropriately respond to ransomware to minimize its impact.