6 Tips on How to Recover from a Ransomware Attack

The Danger of Ransomware

We’ve compiled a list of six tips to help educate organizations on how to recover from a ransomware attack.

Before discussing our six tips for how to recover from a ransomware attack, let’s talk a little bit about what ransomware is and the dangers it poses. As you may know, ransomware is a type of computer virus that can infect a system whenever a user clicks on a malicious link, visits a malicious website, or downloads a malicious file. In a ransomware attack, the hacker encodes data, which can only be retrieved by paying a ransom and obtaining the encryption key used for decoding.

As with most cybersecurity threats, the number and severity of ransomware attacks are increasing annually. The U.S. Department of Justice has estimated that over 100,000 computers around the world are infected daily, and whole industries have been rendered virtually inoperable as a result of ransomware viruses. We know that effectively preparing for a potential ransomware assault is the best way to prevent one, but what do you do if you get infected?

The best way to avoid a ransomware attack is to be proactive. Download our free guide, Ransomware Attacks: Why Preparation is the Best Protection to discover how to prevent attacks today.

What to Do After a Ransomware Attack

Establishing preventative measures isn’t always going to be 100% effective. If you get infected by ransomware, remain calm and follow these six tips on how to recover from a ransomware attack:

  1. Discover what kind of ransomware is attacking you – Identifying the ransomware you’re dealing with will help determine what recovery options you have. The best way to do this is to ascertain how much of your data you still have access to. There are two common types of ransomware, screen-locking and encryption-based, and they each operate a little differently.
  2. Disconnect from everything – The most important thing you can do is to restrict the impact of the ransomware infection by disconnecting your device to prevent the virus from spreading throughout the network.
  3. Take a picture of the ransomware screen – When attacked, there will be a note displayed that identifies the ransom, including the amount to be paid and where to send the payment. Take a picture so the information is readily available for when the appropriate authorities are contacted.
  4. Enact your incident response plan – If you have one, enact your incident response policy immediately because this is a security breach. Follow the measures defined in your policy to ensure that all of the right steps are taken, including notifying stakeholders of the breach.
  5. Research the ransomware – Depending on the type of ransomware you’ve been attacked with, there’s a chance that data recovery is possible using software available online. It is also possible that there is a way to decode the encrypted files without having to pay the ransom. If you don’t have the internal resources to diagnose the type of ransomware you’ve been infected with, engage with a trusted cybersecurity firm for help.
  6. Attempt restoration from backups – If possible, you may want to restore your systems from any backups you have available. However, be cognizant that the ransomware may have been in your system for some time, so any backups could be compromised as well. Before restoring, make sure to deploy antivirus software through your system.

Getting infected can be scary, but understanding what to do after a ransomware attack can help your organization act quickly.

Should You Pay Ransomware?

We’re often asked, “Should you pay ransomware?” Our answer is always: only as a last resort. If an organization determines that too much critical information would be lost as a result of system corruption, they may choose to pay the ransom. Most of the time, negotiations with hackers are successful, but keep in mind that ransomware attacks aren’t deployed by the most ethical people, so paying the ransom may get you nothing in return. In addition, hackers share information with other hackers, so once you have paid, you become a known mark and others will come knocking. Be wary if your insurance carrier advises you to pay the ransom, as the payment will most likely be less than your deductible, and paying averts a complex digital forensics project that would require insurance reimbursement.

Who to contact if you’ve been infected by ransomware

If your organization has encountered a ransomware attack, contact your local authorities. You should also either inform the Federal Bureau of Investigation’s local FBI office or file an online complaint with the FBI’s Internet Crime Complaint Center.

If you carry insurance coverage, there is typically a time limit for notifying your insurance carrier. There are more parties to notify, which should be documented in the Incident Response Plan.

Want more information on ransomware attacks? Download our free guide, Ransomware Attacks: Why Preparation is the Best Protection for more detailed information today.

For help determining the type of ransomware you have, technical support in trying to recover your information, or to perform a forensic analysis of the impact, reach out to an experienced cybersecurity partner like Withum today. Contact us online, or give us a call at (609) 520 1188.
