Ransomware attacks are one of the scariest things that can happen to a company these days. They can completely shut down many businesses, and once they happen, it can feel like there is no hope of recovery. It’s one of many reasons why it’s important to update softwares regularly and deploy good internet security tools. If you face a corporate ransomware attack, follow these steps.
Shut It Down
The first thing you need to do in response to a ransomware attack is shut down the impacted network. This will likely disrupt business, but you absolutely need to isolate the infected device (or devices) as quickly as possible. Killing the network prevents devices from talking to each other, and that gives you a chance to stem the problem.
Once communication is stopped, you want to identify and isolate any and all impacted machines. If you don’t have the resources to do this, it’s time to contact experts who can help. Until you can be 100 percent sure that all of the infection is contained, you cannot safely restore your network and resume business. Going back online prematurely will undo all of your efforts and allow the infection to proliferate.
After you have dealt with the infection, you can try to recover your data and restore business operations. Usually, the best way to do this is to reload from clean backups. If you don’t have clean backups, you’re in for a long fight. Sometimes, it’s possible to decrypt files, but that is usually a losing prospect. More often, the only way forward (when you don’t have backups) is to delete the lost or corrupted files and start over.
The Integral Missing Steps
Those three steps will guide you through a ransomware attack, but you might have noticed two obvious steps that are missing. The first is contacting the authorities. You should absolutely do this, but the timing does little to impact your recovery plan. Ideally, you can contact them after you shut down your network, but the step was held until later to make one thing clear. The authorities will try to catch the criminals responsible and contribute to future cybercrime prevention, but they have very little to offer your company in terms of disaster recovery.
The other missing step is paying the ransom. This is simply a bad idea. According to DataCenter Knowledge, 42 percent of businesses that pay a ransomware price never get their data unlocked. On top of that, the FBI says that paying a ransom only makes the issue worse. This isn’t a viable step as you can’t trust the people who illegally encrypted your data after you pay them for extorting you.
Here’s the bottom line. The most important thing you can do to defeat a ransomware attack is to prepare before it happens. Set up a data backup and disaster recovery system right now. Preventing a data breach is much easier than overcoming one.