You’ve suffered a ransomware attack. What now?

What is ransomware?

Across the globe, the number of cyberattacks is increasing. Many of those attacks involve the use of destructive ransomware, or hostage software. This software encrypts files on your systems, making them unreadable or unusable. To restore access to your files you have to pay a ransom. In other words, a ransomware attack is a type of extortion.

Sometimes cybercriminals go further: they not only block your files but also steal your data. If you don’t pay the ransom, they threaten to make confidential data public, putting your business under even greater pressure.

Another evolution is big game hunting, where cybercriminals target major corporations or organisations that are often active in various industries. By infiltrating the company network and holding the data on all the servers and other connected systems hostage, the attackers can look forward to an even bigger payday.

Have you been a victim of ransomware? Here’s how to handle it.

If your business has fallen prey to a ransomware attack, follow these five steps to regain control.

1. Remain calm
   Ransomware attack victims tend to panic easily. Try to stay calm and not to make any hasty decisions. What you decide now will have a major impact on your chances of surviving unscathed. Immediately after the attack, it’s important to get the situation under control. An incident response plan is a great asset. If your organisation doesn’t already have one, you should consider creating one. A good incident response plan is one that is up to date, so update yours regularly. Do you have a plan? Perfect: start the necessary procedures as soon as possible.
    
2. Identify and isolate the affected systems
   Identify the affected systems and isolate them to prevent the ransomware from spreading. Disconnect network cables and interrupt wireless network connections so the attackers can no longer send commands to the malware. Remove all connected storage devices such as USB sticks and mobile phones. Do not reboot or shut down your systems. If necessary, ask the advice of an external security expert. Orange offers this service in our detection and response strategy.
    
3. Communicate
   Transparent and open communication is vital in the event of a cyberattack, both internally and externally. It is important for staff to understand exactly what is going on. This will help them to better respect the measures that are necessary to safely restore your systems, even though it severely disrupts their normal working conditions.
    
4. Do not pay a ransom
   Criminals will always be criminals. It’s very likely your data will be sold or leaked anyway, even if you pay the ransom money. Don’t count on the attackers to provide you with a reliable key to restore access to your files. And do not work with a third party that promises to negotiate with the attackers to lower the ransom. This often results in additional costs.
    
5. Expect a long recovery process
   A cyberattack often does a great deal of damage and recovery can take a long time. The staff involved face a huge effort that shouldn’t be underestimated, so it can be a good idea to hire an external security expert to take this pressure off your staff.

*Want to know more about the right response to a malware attack? Read the more extensive roadmap in the guide of the Centre for Cyber Security Belgium of the federal government.