What Should I Do Right After My Business Has Been Infected with Ransomware?

Ransomware attacks on businesses have been skyrocketing in 2019. During the second quarter of 2019, attacks increased 363% year-over-year.

And while the attacks on municipalities and large hospital systems tend to capture headlines, small and medium-sized businesses in New Jersey and the rest of the country are often the targets of these types of attacks.

If your company hasn’t already fallen victim to ransomware, there’s a good chance you could in the next few years. Ransomware shows no signs of slowing down and criminals continue to see it as one of the more lucrative types of cyberattacks.

With ransomware being such a big threat to business continuity, the best defense means employing a multi-layered data security strategy with things like:

  • Cloud backup and recovery systems
  • Anti-phishing applications
  • Advanced Threat Protection
  • Web Protection and DNS Filtering 
  • Anti-malware software
  • Employee awareness training

But if, despite your best efforts, your network has become the victim of a ransomware attack, what do you do next?

Steps to Take If You’ve Been Hit with Ransomware

In December of 2019, Hackensack Meridian Health, one of the largest hospital systems in New Jersey, had their systems taken down by a ransomware attack that disrupted operations at 17 clinics and hospitals throughout the state. While they opted to pay the ransom, their quick response to get help immediately from IT professionals and law enforcement reduced the time they were offline.

The steps you take immediately following your discovery of a ransomware attack can make a significant difference in the resiliency of your operations and your ability to mitigate the spread of the threat.

Take Your Infected Devices Offline

The first signs of a ransomware attack are usually twofold. One is the inability to access your data because it’s been encrypted by the ransomware. The other is some type of message that usually comes up on the screen telling you you’ve been infected with ransomware and giving you instructions on how to pay a ransom to get a decryption key.

If you’re unsure which other devices may be impacted, it’s best to take them all offline, and that includes disconnecting internal networks so the ransomware can’t spread from one computer to another.

Call in a Pro to Determine the Extent of the Damage

Once your devices are disconnected, you’ll want to call in an IT pro who can diagnose the extent of the damage and identify the devices that are infected and any that are safe.

They can also identify the type of ransomware being used, which in some cases may give you some hope. For example, some forms of ransomware don’t encrypt your actual data; instead, they make a copy of it, put your original data in a trash folder, and encrypt the copy. If this is the case, your data could be recovered.

You’ll also need to know if any sensitive data was potentially stolen, which would also mean a data breach, in which case you would need to notify those whose information was impacted.

An IT professional will tell you where you stand as far as how bad the situation is so you can decide on your next steps.
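As an added example (not part of the original article), here is one way a responder could get a first estimate of how far the encryption has spread: check whether each file still starts with the signature its extension implies, and fall back to byte entropy when it does not. The signature table, the 7.5 bits-per-byte cut-off, the function names and the sample files are assumptions of this sketch.

```python
import math
import os
import tempfile
from collections import Counter

MAGIC = {".pdf": b"%PDF", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
         ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff"}  # well-known signatures
ENTROPY_LIMIT = 7.5  # bits per byte; assumed cut-off, tune for your data


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for ciphertext, far lower for text, 0 if empty."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(path: str, sample_size: int = 65536) -> str:
    """Return 'ok', 'likely_encrypted' or 'unverified' for one file."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    # Intact header outranks entropy: healthy .docx/.jpg are compressed and look random.
    if magic is not None and head.startswith(magic):
        return "ok"
    if shannon_entropy(head) > ENTROPY_LIMIT:
        return "likely_encrypted"  # header gone or extension renamed
    return "unverified"  # no signature to check and not random-looking


def triage(root: str) -> dict:
    """Bucket every file under root (a read-only copy of the disk or share)."""
    report = {"ok": [], "likely_encrypted": [], "unverified": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            report[classify(full)].append(os.path.relpath(full, root))
    return report


def demo() -> dict:
    """Constructed sample tree; os.urandom stands in for ciphertext."""
    samples = {"invoice.pdf": b"%PDF-1.7\n" + b"0" * 4096,
               "payroll.pdf": os.urandom(8192),
               "notes.txt": b"meeting at ten\n" * 100}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return triage(root)
```

Run it against a read-only copy or image of the affected storage rather than the live system; the buckets are a starting point for the responder, not proof of infection.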

Make Proactive Notifications to Employees & Clients

If your business systems are all offline, then your employees may be confused, and your customers might be wondering why they can’t contact you electronically or make an appointment at your office. 

You can head off a flurry of calls, at a time when you need to focus on the urgent issue at hand, by putting out a brief statement either on your website (if possible), via signs at your location, or through a message that a dedicated receptionist gives callers. Initially, it doesn’t have to say anything more than that you’re experiencing technological difficulties and working to address the issue.

Review Your Options: Restore Data or Pay Ransom

If you have an easily restorable and current copy of your business data, then you can avoid paying a ransom and can instead have your system cleaned of the ransomware and then restore your backups.

You don’t want to have your devices cleaned of ransomware immediately because, if you opt to pay the ransom, removing the ransomware could cause an issue with the decryption (that is, if the hacker actually comes through on their side of the deal).

If you don’t have a restorable backup, then you need to decide if paying the ransom is the only way to get your data back and if you can afford to do that and take that chance.

Some organizations that do have backups choose to pay the ransom anyway because they think that’s going to get their systems back up and running faster, but you have to factor in that you’re dealing with a criminal, not exactly someone you can trust.

Post Ransomware Recovery Steps

Once you’ve gone through the initial emergency and your business is back online and your systems are clean of ransomware, you should do the following:

  • Contact local law enforcement to report the attack.
  • Assess how the attack happened and what you need to do to keep one from happening again.
  • Use the opportunity of what you’ve just gone through to update your cybersecurity training manual with steps employees are to take after a cyberattack.
  • Consider purchasing cybersecurity insurance, which is a growing area of business insurance.
