Hackers have been utilising ransomware for many years, proving how effective a tool it is for disrupting and even shutting down businesses while continuing to fund malicious activities.
In a report by Vox Media, it was revealed that 60% of small to medium-sized businesses in the US will go out of business following a major cyber attack, provided they have no means of recovery. This is a sobering reminder of just how effective these incidents can be and gives clear evidence as to why hackers use ransomware as such a staple in their toolkit.
Furthermore, a recent analysis by cybersecurity company Group-IB revealed ransomware attacks doubled in 2020, while Cybersecurity Ventures predicts that a ransomware attack will occur every 11 seconds in 2021.
With all this in mind, it is important to ensure a business is as prepared as possible for a ransomware attack that may affect its data, services, and business continuity. So what are the steps in recovering from such an event? You may be surprised at how few there are if the appropriate procedures are in place.
Isolate and shut down critical systems
Enact your Business Continuity Plan
Report the attack
Restore from backup
Remediate, patch and monitor
Isolate and shut down critical systems
It is important to remember that just because you may be on the receiving end of a ransomware attack, it does not necessarily mean all accessible data and systems have been captured by the ransomware. Shut down both the infected systems and healthy systems to help limit the spread of the malicious code.
As soon as you notice any evidence of a ransomware attack, containment should be a priority. Whether this is via a full shutdown or simply isolating specific systems, it can slow down and even stop further damage.
Enact your business continuity plan
Having a Business Continuity plan in place is essential for any business, and its disaster recovery component makes sure that your business can maintain some level of business operations.
A Business Continuity plan is a simple, informative playbook that allows all departments to understand operations and objectives during a disaster or other business-altering scenario. The disaster recovery component details how critical data and systems can be restored and brought back online.
Report the cyber attack
Many businesses are hesitant or embarrassed to report a cyber attack, especially when a majority of these can come down to user error, i.e. not identifying a malicious email, or downloading an attachment that was ‘thought’ to be from a trusted source. But it is important to ensure customers, stakeholders and other parties considered essential to your operations are informed. A moment of embarrassment is far less damaging to a business than the loss of data or not having the right people aware that such an attack is happening.
Restore from backup
Having backups in place can circumvent almost any ransomware attempt; however, restoring from them can be time-consuming, forcing businesses to be offline for extended periods of time. Alternatively, with our cloud support, this operation is expedited and can massively reduce the time it takes to be back firing on all cylinders.
This situation highlights the need to discover and contain ransomware infections as quickly as possible to reduce the amount of data that needs recovering.
Remediate, patch and monitor
As businesses look to bolster the environment against ransomware and other malicious threats, it is crucial to look at the common entry points for these types of attacks.
Attackers use phishing to harvest credentials, which can then be used to launch a ransomware attack or to access systems directly.