Whether your company has been affected by ransomware or not, knowing what to do if it does is essential to recovery. Ransomware is a vicious, crippling attack on large corporations and small businesses that leave devastating consequences for owners and management alike. 

 

In these types of attacks, digital files are stolen virtually, and a monetary ransom is demanded to be fully restored. Ransomware attacks can bring productivity to a halt, costing millions of dollars to remedy. 

 

Read on to learn steps you should take if your business or organization is being held hostage by ransomware. 

 

File A Report

If your company is hit with ransomware, you should first report it to authorities. The FBI’s Internet Crime Complaint Center is where you should file a ransomware attack complaint. You can contact your local FBI field office directly by finding it on their website. Reporting the ransomware incident helps authorities better deal with the current threat and formulate possible causes, means, and solutions. 

 

Contact your I.T. Provider and or Internal Department

Unfortunately, even if I.T. does everything right, breaches can still happen. There are many Zero Day Vulnerabilities that can be exploited and then there is the human factor. The majority of breaches are a result of a user clicking on a malicious link or opening a email attachment that has a malicious payload. In the event of a breach, I.T. needs to take a number of actions to mitigate continued damage, safeguard backups and begin the cleanup and recovery process. 

 

Minimize The Damage

While Anti-Virus software can stop some threats, it is far from foolproof! There are additional safeguards that should be taken to reduce your chances of being breached/ransomed. We recommend a Zero Trust approach to applications running on computers, annual cyber training for staff and 24/7 monitoring of the environment.

In the event you are compromised, you mustn’t initiate any actions like shutting down systems or turning off computers until I.T. has been notified and directs you on how to proceed. 

 

Recovery/Data Backup

Hopefully before any breach occurs, your organization has implemented a robust Backup/Disaster Recovery Solution that backs up all critical system to a local device and then replicates it to a secure cloud provider. A good solution will allow you to recover your systems both onsite or in the cloud as appropriate.

After a breach occurs, I.T. needs to safeguard the backups, determine at what point the systems were compromised so as to not restore already infected data, and before restoring plug the hole that the bad guys got through. You don't want the productivity loss or morale killing reoccurring reinfections!

 

Safe Computing!