- Ransomware attacks encrypt data and demand a ransom for the decryption key.
- This year we’ve seen a number of such attacks impact governments, schools, and other organizations.
Recently, Spain’s largest radio station, Cadena SER and an NTT DATA company Everis fell victim to ransomware attacks. With the list of ransomware attacks growing longer, here are a few tips in case your organizations falls victim to such an incident.
Don’t reboot your system
In certain situations, rebooting the system can help the ransomware. Sometimes, the machine may only be partially encrypted because the malware is blocked by a permission issue or error. Rebooting will allow the malware to encrypt the entire system.
Disconnect from the network
To prevent the ransomware from spreading, disconnect the machine from the network. This helps limit the infection and reduce the impact the malware can cause.
Reach out to experts
Recovering from a ransomware attack involves identifying the ransomware’s malicious mechanisms and processes and removing them from the infected machine. Only after this should the data backup be done. In case the ransomware’s processes are not completely removed, it may result in the backup files also being encrypted.
For this reason, it is highly recommended that you contact security professionals who have the expertise to deal with such attacks.
Notify impacted individuals
Although it is not the easiest thing to do, notifying affected customers, employees, and partners is a vital step. Laws in many countries mandate the disclosure of attacks. Even if it is not mandatory, transparency about such incidents will be appreciated by the impacted individuals.
Many ransomware attacks involve unauthorized access to data. Security experts recommend changing admin and user credentials in the case of a ransomware incident.
With several sectors getting hit by ransomware, a response plan can be helpful. These recommendations, although not exhaustive, can be the basis to build on for a ransomware incident response.