8 Steps To Take During A Ransomware Attack

How To Handle Ransomware

You’re just sitting at your desk, working hard, minding your own business when bam! An alarming red background takes over your screen. A message written in a threatening font tells you all your files are locked and demands you pay a hefty ransom in cryptocurrency, or your files are gone forever. Because your attackers were feeling extra dramatic, the message is signed with a skull and crossbones at the bottom. As soon as you see this, you will be tempted to panic, but try to take a deep breath and remain calm and collected. Yes, a ransomware attack can be devastating, but if you act immediately, you can mitigate some damage.

What exactly is Ransomware?

Ransomware is malware that infects a computer or computer system and leaves your data locked (encrypted) by anonymous cybercriminals. The attackers hold your locked data hostage until you pay the ransom for a decryption key that unlocks your files and restores your access.

Despite rising awareness of the risk, ransomware is a growing billion-dollar business, and hackers have attacked nearly every industry, often with large ransoms and huge restoration costs. Even government agencies and entire countries aren’t immune. In April 2022, cybercriminals attacked thirty government agencies in Costa Rica with ransomware, forcing the country to essentially shut down and declare a state of emergency. It was a disaster they are still rebuilding from.

But it’s not just the big guys at risk. Ransomware attacks affect small businesses too. Small businesses are often targeted because they do not budget for adequate security and backup measures.

The best defense against today’s advanced security threats is a good offense that outsmarts emerging threats while they’re still just threats. Ineffective firewalls, unmanaged email, and unprotected devices are behind most security breaches.

The attack typically starts at a single workstation, one of the devices geeks like us call endpoints. Maybe you unknowingly click on an infected website or a malicious email. The ransomware begins silently running in the background, looking for files to encrypt or other targets on your network. Once the ransomware has encrypted everything it can, you will see that terrifying message letting you know your files are locked until you pay. So how should your company handle a ransomware attack?

 

Here are eight steps to take following a ransomware attack:

  1. Record the Attack

Take a photo of the ransomware note with your smartphone or camera. If possible, take a screenshot on the affected machine as well. This will help in filing police and insurance reports and maybe even help restore your data.

  2. Quarantine to Stop the Spread

It’s important to isolate the affected systems as soon as possible. Disconnecting the affected computer helps stop the ransomware in its tracks. While it may have already infiltrated your network, you reduce the damage by isolating the system. Ransomware typically scans the target network and propagates laterally to other systems. If an infected computer is powered off and unplugged, it’s not talking to anything else. This, of course, gets more complicated if multiple devices or servers are compromised.

  3. Call for Help

* Call your IT Department or MSP immediately and alert them to the attack. They will take care of the next steps.

* Call your legal counsel.

* Call law enforcement. Ransomware is a crime and should be reported to local law enforcement authorities or the FBI.

* Call your insurance company. You may be covered in this kind of situation.

If you do not have an IT department that is taking care of the remaining steps, you can call Liberty Technology to assist you in disaster recovery, or you can take care of the following steps:

  4. Disable Maintenance Tasks

You should immediately disable automated maintenance tasks on affected systems, such as temporary file removal and log rotation. This will prevent these tasks from interfering with files that might be useful for forensics and investigation analysis.

  5. Secure Backups

Most modern ransomware strains immediately go after backups to thwart recovery efforts. Secure your backups by disconnecting them from the rest of the network. You should also lock down access to backup systems until after the infection gets removed.

  6. Identify the Ransomware Strain & Look for Decryption Tools

To determine the ransomware strain, you can use free services such as Emsisoft’s online ransomware identification tool or ID Ransomware. These services allow users to upload a sample of the encrypted file, any ransom note left behind, and the attacker’s contact information, if available. The analysis of this information can identify the type of ransomware strain that has affected the user’s files.

There are many decryption tools available online, such as No More Ransom. Once you know the strain you are dealing with, you can enter it on such a website and search for the matching decryption tool. You may get a free key, and there is a slim chance that your files are not encrypted. Some ransomware attacks are merely an attempt to scare you into paying a ransom, even though the data is not actually encrypted.

  7. Clean the Slate

Once you have disconnected the affected systems from the network, change all online and account passwords. After the ransomware gets removed, you should once again change all the system passwords. Once a network has been infected, there is no way to guarantee that the ransomware is completely gone unless all devices are wiped clean. This includes virtual devices as well. Make sure all your devices are professionally wiped clean before using them again.

  8. Decide Whether or Not to Pay

Deciding to pay for ransomware is not a simple decision. Only pay for ransomware if you have exhausted all other options and losing data damages you or your company more than paying the ransom. Remember, you’re dealing with criminals. There is no guarantee that you will recover your data; paying them only encourages more attacks. If you decide to pay the ransom, ask the attackers to prove that they can decrypt the files and negotiate a lower ransom if possible. Keep a cool head, and don’t be rash. Again, your IT team or MSP can help you determine the severity of the attack and provide guidance on the best way to move forward.
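Step 6 notes that some attacks only claim to have encrypted your data. The Python sketch below is an added example, not part of the original post: it triages copies of files by checking for an intact file header and measuring byte entropy. The function names, the header list and the 7.5 bits-per-byte cut-off are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Headers of common document formats (illustrative list, not exhaustive).
# Ransomware that encrypts a file from the start destroys these bytes.
KNOWN_MAGIC = {
    b"PK\x03\x04": "zip/docx/xlsx",
    b"%PDF": "pdf",
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG": "png",
    b"\x1f\x8b": "gzip",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(sample: bytes, threshold: float = 7.5) -> str:
    """Triage the leading bytes of a file; the 7.5 cut-off is an assumption."""
    for magic, kind in KNOWN_MAGIC.items():
        if sample.startswith(magic):
            return f"intact header ({kind})"
    if shannon_entropy(sample) >= threshold:
        return "likely encrypted"
    return "likely not encrypted"

def triage_file(path: str, sample_size: int = 65536) -> str:
    """Open read-only so the evidence is never modified."""
    with open(path, "rb") as fh:
        return classify(fh.read(sample_size))

if __name__ == "__main__":
    # Constructed samples standing in for copies of files from an affected host.
    samples = {
        "report.txt": b"Quarterly results were strong. " * 500,
        "budget.xlsx": b"PK\x03\x04" + os.urandom(4096),
        "notes.docx.locked": os.urandom(16384),  # random bytes mimic ciphertext
    }
    for name, blob in samples.items():
        print(f"{name:20} H={shannon_entropy(blob):.2f}  {classify(blob)}")
```

Treat the result as a hint only: a file with an intact header can still be encrypted further in, and very small files never reach the entropy cut-off.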

Our Solution

As we said before, prevention is the best strategy. Liberty Technology’s approach to security is an aggressive risk-reduction strategy, giving you the visibility and insight you need to shut down security threats wherever they appear. You’ll also have peace of mind knowing that we are with you every step of the way to mitigate a ransomware attack.

While Liberty Technology provides IT disaster recovery and stands ready to assist you in a moment of crisis, we hope that day never comes. Taking preventative measures can drastically increase the probability that it never will. We provide state-of-the-art IT security for government organizations and companies across the healthcare, financial, manufacturing, retail, and education industries. Call us today! 
