
8 Steps To Take During A Ransomware Attack

You’re just sitting at your desk, working hard, minding your own business when bam! An alarming red background takes over your screen. A message written in a threatening font tells you all your files are locked and demands you pay a hefty ransom in cryptocurrency, or your files are gone forever. Because your attackers were feeling extra dramatic, the message is signed with a skull and crossbones at the bottom. As soon as you see this, you will be tempted to panic, but try to take a deep breath and remain calm and collected. Yes, a ransomware attack can be devastating, but if you act immediately, you can mitigate some damage.

What exactly is Ransomware?

Ransomware is malware that infects a computer or computer system and leaves your data locked (encrypted) by anonymous cybercriminals. The attackers hold your locked data hostage until you pay the ransom for a decryption key that unlocks your files and restores your access.

Despite rising awareness of the risk, ransomware is a growing billion-dollar business and hackers have attacked nearly every industry, often with large ransoms and huge restoration costs. Even government agencies and entire countries aren’t immune. In April 2022, cybercriminals attacked thirty government agencies in Costa Rica with ransomware, forcing the country to essentially shut down and declare a state of emergency. It was a disaster they are still rebuilding from.

But it’s not just the big guys at risk. Ransomware attacks affect small businesses too. Small businesses are often targeted because they do not budget for adequate security and backup measures.

The best defense against today’s advanced security threats is a good offense that outsmarts emerging threats while they’re still just threats. Ineffective firewalls, unmanaged email, and unprotected devices are behind most security breaches.

The attack typically starts at one workstation, or endpoint, as geeks like us call them. Maybe you unknowingly click on an infected website or a malicious email. The ransomware begins silently running in the background, looking for files to encrypt or other targets on your network. Once the ransomware encrypts everything it can, you will see that terrifying message letting you know they locked your files until you pay. So how should your company handle a ransomware attack?

 

Here are eight steps to take following a ransomware attack:

  1. Record the Attack

Take a photo of the ransomware note with your smartphone or camera. If possible, take a screenshot on the affected machine as well. This will help in filing police and insurance reports and maybe even help restore your data.

  2. Quarantine to Stop the Spread

It’s important to isolate the affected systems as soon as possible. Disconnecting the affected computer helps stop the ransomware in its tracks. While it may have already infiltrated your network, you reduce the damage by isolating the system. Ransomware typically scans the target network and propagates laterally to other systems. If an infected computer is powered off and unplugged, it’s not talking to anything else. This, of course, gets more complicated if multiple devices or servers are compromised.

  3. Call for Help

* Call your IT Department or MSP immediately and alert them to the attack. They will take care of the next steps.

* Call your Legal Counsel

* Call Law Enforcement. Ransomware is a crime and should be reported to local law enforcement authorities or the FBI.

* Call your insurance company. You may be covered in this kind of situation.

If you do not have an IT department that is taking care of the remaining steps, you can call Liberty Technology to assist you in disaster recovery, or you can take care of the following steps:

  4. Disable Maintenance Tasks

You should immediately disable automated maintenance tasks on affected systems, such as temporary file removal and log rotation. This will prevent these tasks from interfering with files that might be useful for forensics and investigation analysis.

  5. Secure Backups

Most modern ransomware strains immediately go after backups to thwart recovery efforts. Secure your backups by disconnecting them from the rest of the network. You should also lock down access to backup systems until after the infection gets removed.

  6. Identify the Ransomware Strain & Look for Decryption Tools

To determine the ransomware strain, you can use free services such as Emsisoft’s online ransomware identification tool or ID Ransomware. These services allow users to upload a sample of the encrypted file, any ransom note left behind, and the attacker’s contact information, if available. The analysis of this information can identify the type of ransomware strain that has affected the user’s files.

There are many decryption tools available online, such as No More Ransom. Once you know the strain you are dealing with, you can plug it into a website and search for the matching decryption tool. You may get a free key, and there is a slim chance that your files are not encrypted. Some ransomware attacks are merely an attempt to scare you into paying a ransom, even though the data is not actually encrypted.
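To check the last point before assuming the worst, a rough triage of copied file samples can separate files whose format header is still intact from files that look like ciphertext. The following is an added example, not part of the original post: the threshold, function names and sample data are assumptions, and the verdict is a heuristic, not proof.

```python
import hashlib
import math
from collections import Counter

# Leading bytes of common document formats. If the header survives, the file
# was probably not overwritten (compressed bodies are high-entropy by design).
MAGIC = (b"%PDF-", b"PK\x03\x04", b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"\xd0\xcf\x11\xe0")
ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off, tune on your own files
MIN_SAMPLE = 256          # entropy of very small files is not meaningful


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, roughly 4 to 5 for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(data: bytes) -> str:
    """Return 'known-format', 'likely-encrypted', 'low-entropy' or 'too-small'."""
    if data.startswith(MAGIC):
        return "known-format"
    sample = data[:65536]
    if len(sample) < MIN_SAMPLE:
        return "too-small"
    if shannon_entropy(sample) >= ENTROPY_THRESHOLD:
        return "likely-encrypted"
    return "low-entropy"


def build_samples() -> dict:
    """Constructed sample files (not real victim data)."""
    text = b"Quarterly invoice total: 1,204.00 USD\n" * 50
    # Deterministic pseudo-random bytes standing in for an encrypted file.
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    return {
        "notes.txt": text,
        "report.pdf": b"%PDF-1.7\n" + noise,
        "budget.xlsx.locked": noise,
        "settings.ini": b"[ui]\ntheme=dark\n",
    }


def triage_all(samples: dict) -> dict:
    return {name: triage(blob) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage_all(build_samples()).items():
        print(f"{name:22} {verdict}")
```

Run it only against copies of the files on a clean analysis machine, never on the infected system itself.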

  7. Clean the Slate

Once you have disconnected the affected systems from the network, change all online and account passwords. After the ransomware gets removed, you should once again change all the system passwords. Once a network has been infected, there is no way to guarantee that the ransomware is completely gone unless all devices are wiped clean. This includes virtual devices as well. Make sure all your devices are professionally wiped clean before using them again.

  8. Decide Whether or Not to Pay

Deciding whether to pay a ransom is not a simple decision. Only pay if you have exhausted all other options and losing the data would damage you or your company more than paying the ransom. Remember, you’re dealing with criminals. There is no guarantee that you will recover your data, and paying them only encourages more attacks. If you decide to pay the ransom, ask the attackers to prove that they can decrypt the files and negotiate a lower ransom if possible. Keep a cool head, and don’t be rash. Again, your IT team or MSP can help you determine the severity of the attack and provide guidance on the best way to move forward.

Our Solution

As we said before, prevention is the best strategy. Liberty Technology’s approach to security is an aggressive risk-reduction strategy, giving you the visibility and insight you need to shut down security threats wherever they appear. You’ll also have peace of mind knowing that we are with you every step of the way to mitigate a ransomware attack.

While Liberty Technology provides IT disaster recovery and stands ready to assist you in a moment of crisis, we hope that day never comes. Taking preventative measures can drastically increase the probability that it never will. We provide state-of-the-art IT security for government organizations and companies across the healthcare, financial, manufacturing, retail, and education industries. Call us today! 
