3 Steps for Remediating a Ransomware Attack
Ransomware is a rapidly spreading cybersecurity threat that has afflicted hospitals, government agencies, and small businesses around the world. These malicious programs encrypt your most valuable information and threaten to delete it unless you pay an exorbitant ransom. Below are a few steps to take if your organization has been attacked by ransomware.
How to Remediate a Ransomware Attack
1. Isolate the Infected Computer
After infecting a workstation or server, ransomware is designed to look for connections that allow it to spread throughout the network. Immediately disconnect any Ethernet cables and external storage devices, and disable Wi-Fi and Bluetooth. If you can’t access any functions on the computer, turn it off completely.
Ransomware is also designed to target backups to make recovery impossible. Immediately disconnect affected workstations from your backup servers, or contact your cloud services provider if you use remote backups.
2. Disable Automated Maintenance
Background tasks that keep a machine running efficiently can also eliminate files and evidence that could be useful to forensic investigators. If you can still access the machine, turn off any processes that rotate log files, remove temporary files, or perform other routine maintenance tasks.
3. Create a Backup of the Infected System
While you don’t want an infected computer to have access to your normal backups, you may need a copy of the encrypted drive. Cybercriminals may actually delete those files if you refuse to pay the ransom in time, so having a backup is essential for preventing data loss.
A cybersecurity professional may be able to decrypt the drive later, potentially saving you tens of thousands of dollars. A backup of the computer can also help investigators determine how your network was infected in the first place.
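One way to carry out step 3 from a separate analysis machine, as an added example that is not part of the original article: the function below copies the affected drive in a single read, hashes it in the same pass, and verifies the written image. It assumes GNU coreutils; the function name, marker file, and paths are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): single-pass copy of an affected drive
# with a SHA-256 integrity record. Assumes GNU coreutils (dd, tee, sha256sum).

# image_drive SRC DEST
#   SRC  - disk or file to copy, e.g. the affected drive attached to a separate
#          analysis machine (device names are site-specific assumptions)
#   DEST - image file on storage kept apart from the normal backup set
# Prints the SHA-256 of the image on success; returns non-zero on any failure.
image_drive() {
    src=$1
    dest=$2

    [ -r "$src" ] || { echo "cannot read source: $src" >&2; return 2; }
    # Never overwrite an earlier image: it may be the only surviving copy.
    [ ! -e "$dest" ] || { echo "destination exists: $dest" >&2; return 3; }

    # Read the source exactly once: tee writes the image while sha256sum hashes
    # the same byte stream. A dd failure is flagged through a marker file,
    # because a pipeline only reports the exit status of its last command.
    stream_hash=$( { dd if="$src" bs=1M 2>/dev/null || : > "$dest.readerr"; } \
        | tee "$dest" | sha256sum | awk '{print $1}')
    if [ -e "$dest.readerr" ]; then
        echo "read error on $src: image is incomplete" >&2
        return 4
    fi

    # Re-read the image from disk to confirm what landed matches what was read.
    image_hash=$(sha256sum "$dest" | awk '{print $1}')
    if [ "$stream_hash" != "$image_hash" ]; then
        echo "hash mismatch: image is not a faithful copy" >&2
        return 1
    fi

    # Record the hash beside the image and make both files read-only.
    printf '%s  %s\n' "$image_hash" "$(basename "$dest")" > "$dest.sha256"
    chmod a-w "$dest" "$dest.sha256"
    echo "$image_hash"
}
```

Keep the `.sha256` file with the image so investigators can re-verify the copy later with `sha256sum -c`.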
As one of the industry’s leading cybersecurity consultants, Flair Data Systems has been serving businesses throughout Texas and Colorado for over a century. They provide over 150 different technology solutions, and hold engineering certifications with each type of system they work with. Visit their website for more on their cybersecurity solutions, or call (214) 445-3500 to discuss your needs with a professional today.