Macro Systems Blog

Macro Systems has been serving the Metro Washington, DC area since 1997, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

What To Do Right Now if Your Business Has Been Infected by Ransomware

We’re hoping that you are reading this post to prepare yourself in case your organization ever faces a ransomware attack, but if you are suffering from one right now, we encourage you to reach out to us immediately, whether you are a client or not. Ransomware spreads quickly, and once it has infected a system, there really isn’t much you can do to stop it. That being said, there are steps you need to take to come back from this gracefully.

Contact Your IT Department

Whoever manages your network needs a phone call, right now. If you can’t reach your IT provider, give Macro Systems a call at 703-359-9211 and we will attempt to assist you.

Take the Network Offline

If multiple systems are impacted, take the network down at the switch level. Unplug the switch and disconnect it from the rest of the network. Your goal is to quickly isolate the issue so it doesn’t continue to spread across your network to your backup and other devices.

You want to avoid powering down devices unless absolutely necessary. If you shut down hardware, you might lose your opportunity to trace exactly how the attack occurred, as some of this information might only be retrieved from volatile memory that goes away once a device is shut down.

Establish an Off-Network Communication Method

At this point, assume your network is entirely compromised. It might not be, but the more cautious you are, the more likely it is that you’ll come out of this unscathed. Communicate internally and externally by phone and text message if possible, in case a system is compromised and being watched.

Get ready to do a lot of communication, both internally with your staff, and potentially externally with your customers. If you are dealing with an actual data breach and cybercriminals are gaining access to customer information, then you’ll need to know exactly what information has been stolen and follow industry guidelines appropriately.

Take a Photo of the Ransomware Message and Report It

Ransomware is considered a felony, so take a photo of the screen with your smartphone. You’ll want to report the ransomware to the proper authorities.

Do You Have a Backup?

If your business isn’t backing up its data properly, then your situation just got a whole lot worse. If you are reading this proactively, audit your backup and invest in it. If you have a backup solution and haven’t thought about it in over six months, assume you don’t have a backup until it is thoroughly audited and tested.

If you have a backup, and you are confident in it, then you can take a deep breath. The problem isn’t over, but it will pass and things will go back to normal in time.
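
One way to run the kind of backup audit described above, as an added example that is not from Macro Systems or any backup product: the script checks a test restore against SHA-256 hashes recorded at backup time and flags a restore test that is more than six months old. The manifest format, the file names and the 183-day threshold are assumptions, and the sample files are constructed.

```python
import hashlib
import tempfile
import time
from pathlib import Path

MAX_AGE_DAYS = 183  # assumption: "over six months" expressed in days


def sha256_file(path):
    """Hash a file in chunks so large backup files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_restore(restore_dir, manifest, last_tested_epoch, now=None):
    """Compare a test restore against hashes recorded at backup time.

    manifest maps relative path -> SHA-256 hex digest (hypothetical format).
    Returns a list of findings; an empty list means the restore verified.
    """
    now = time.time() if now is None else now
    findings = []
    age_days = (now - last_tested_epoch) / 86400
    if age_days > MAX_AGE_DAYS:
        findings.append(f"stale: last restore test {age_days:.0f} days ago")
    for rel, expected in manifest.items():
        restored = Path(restore_dir) / rel
        if not restored.is_file():
            findings.append(f"missing: {rel}")
        elif sha256_file(restored) != expected:
            findings.append(f"corrupt: {rel}")
    return findings


def demo():
    """Constructed sample: one good file, one damaged, one never restored."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "ledger.db").write_bytes(b"constructed sample ledger")
        (root / "contracts.zip").write_bytes(b"constructed sample archive")
        names = ("ledger.db", "contracts.zip")
        manifest = {n: sha256_file(root / n) for n in names}
        manifest["hr/payroll.xlsx"] = "0" * 64  # listed, but not in the restore
        (root / "contracts.zip").write_bytes(b"truncated")  # simulate damage
        now = 1_700_000_000  # fixed clock so the result is reproducible
        return audit_restore(root, manifest, now - 200 * 86400, now)
```

Run the audit against a restore made to a separate, clean location rather than against the backup repository itself, so the test proves the data can actually be brought back.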

Get a Professional to Wipe the Infected Systems and Restore Your Data

There are a handful of tasks that your IT provider will want to accomplish. Running additional forensics to determine how the ransomware made it onto the network in the first place can provide some valuable insights. It’s possible that there are other threats lurking on the network. Most businesses that suffer from a ransomware attack face consecutive attacks afterward.

It’s rare, but possible, for a ransomware attack to be reversed. In most cases, just assume that the device needs to be wiped and that the data on it is lost. You shouldn’t be storing critical data on a workstation anyway; everything should be securely stored on your servers, which are thoroughly backed up and redundant.

Use This as a Learning Experience

The best way to combat ransomware is by avoiding it in the first place. Your organization should take steps to protect itself from subsequent attacks. If your organization is lucky enough to have not been affected so far, it’s still a good idea to have your network audited to make sure you aren’t taking major risks.
