Responding to a corporate ransomware attack

Although your company may take all of the necessary precautions and have all of the right cyber security measures in place, this is not always enough. Ransomware attacks can be sneaky, and accidents are always possible. Here at Creative Network Solutions, we are Preston’s leading IT support and network services experts. From secure remote access services to business VoIP, we are the team you can count on. And this is our guide to everything you should know about what to do when your company is the victim of a ransomware attack.

What are the important steps for responding to a corporate ransomware attack?

There are a number of steps your company should take in the event of a successful ransomware attack. These include:

  • Don’t panic- the first step to dealing with a situation like this successfully is not to panic. Panicking will only make the situation worse and you may take actions that are not well thought through.
  • Locating affected parts of the network- depending on the size of your network, and your existing network security, a ransomware attack may be localized in only one small part of your network system, or even on one single machine. However, for more complex attacks, or for companies with weaker security in place, this can spread throughout the rest of the network. As a result, the first step is to locate the right network area. For smaller companies with only a few machines, you can walk between these to find out, or use the anti-virus logs. For large companies with many machines, you will need to use the events and logs to find the effected machines.
  • Isolating the infected computers- once you have identified and located the infected computers, make sure that these are isolated from the rest of the system immediately. This is essential for preventing the spread any further. Once these have been isolated you will need to create disk images of them, and if possible leave these machines alone until the investigation is over.
  • Investigate- now you can conduct an internal investigation to see where the ransomware got in, and how. Ransomware doesn’t happen by itself, it will need have some software installed to load this into the system. It is essential that you find this. At this point you can then consider how this happened, and what security gaps allowed this to happen.
  • Clean up and restore- if you have your data backed up, you should be able to restore the data fairly easily. If not, you will have to try to decrypt the data, and there are some tools you can use for this online. Just don’t pay the cyber criminals.

For more information or advice about your network security, systems, or cloud solutions, why not ask the experts today, here at Creative Network Solutions.