What to Do If You Get Hit With Ransomware

What to do if you are hit by ransomware

If you get hit with ransomware there will be a number of indications, including:

  • A screen telling you that your business files are encrypted.
  • You can’t open any of your documents.
  • Your files may have a weird extension of different icon.
  • there will be instructions for how to pay up to recover your files.

This blog article details a number of steps you can take instead of paying the ransom straight away.

Cybersecurity Ventures predicts ransomware will impact businesses every 11 seconds in 2021 – and yes, you read that right, every 11 seconds! Another research company reported ransomware increasing 485% year-over-year in 2020.

It is considered a bad idea to pay the ransom as you are rewarding the cybercriminals and there is no guarantee that they will provide the encryption key needed to regain the use of your files.


If you get hit by any type of virus or malware you will need to turn to your disaster response plan. if you have one, you have a plan on how to cope the unthinkable happens. If you don’t have one then start with the following.

Identify the systems involved and isolate them immediately

Once you have detected a compromise, limit the spread of infection by disconnecting the devices affected from the network. Ideally, you take only a few computers offline or disconnect an individual network. Even in a large-scale compromise, remove all affected devices from the network to contain the malware.

As part of the isolation, do not forget to disconnect any connected devices such as USB drive storage drives. The ransomware infection will even seek out backup drives and USB thumb drives.

Power down only the affected devices if you are unable to disconnect them from the network. Why? Because turning them off means you might lose potential evidence.

The hackers may also be monitoring your business communications. So move offline to coordinate your response. Phone calls or text messaging will work as will personal email accounts.

System Restoration

Do not attempt to restore systems until you have identified and isolated the systems. After that, your business can move into triage mode. Prioritize what to restore, and recover using your data backup (you have a recent backup don’t you?). Consider how critical each system is for health and safety and revenue generation. Then, get to work restoring systems in an efficient, organized fashion.

Minimizing Ransomware Risk

Ransomware is a major threat to every business sector, and you do not want to become the next victim. Common best practices include:

  • installing and keeping security software up to date (anti-virus or anti-malware);
  • staff cyber security training;
  • installing email filters to keep phishing emails from reaching your employees;
  • making frequent multiple backups and keeping them separate from your network;
  • installing a hardware firewall and UTM (unified threat management) device;
  • regularly installing updates for your operating system and software;

Businesses that partner with a proactive or managed services provider have someone supporting their efforts to cut ransomware risk. Plus, if the worst happens, the IT experts are at the ready to help identify, isolate and rebuild. They may also help identify the malware strain and find if any encryption keys have been released.

Your data backup should have recent copies of all information up to (or close to) the time of infection. So, once the ransomware has been removedyou can and reinstall your data and programs.

An IT provider can help you plan ahead to contain the damage from a cyberattack. Let our IT experts install best practices, set up safe backups and track activity on your network. Contact us today to help with your IT and security needs.

Leave a Reply

Your email address will not be published. Required fields are marked *