5 Steps To Take After A Ransomware Attack


Ransomware is a growing form of malware that attackers use to infect a computer or network and encrypt its files and data, crippling the users and demanding a large sum of money to decrypt the data. Paying the ransom does not guarantee that you will get your data back, and even if you do, how do you know the data has not been tampered with?


Businesses are an easy target for ransomware attacks today, which are usually delivered through phishing emails. Once a user clicks a suspicious link or downloads a malicious attachment, the attackers act quickly and lock you out of your systems. Cybersecurity experts urge businesses not to pay ransoms, but at what cost, especially where the business has no data backup and recovery system?

The only insurance policy any business can have against ransomware attacks is a data backup and disaster recovery system that lets you restore your data without paying the ransom. Here are a few basic steps to follow after a ransomware or any other malware attack:

1. Immediately identify all affected endpoints and isolate them. This means disconnecting any affected PCs and devices from the network to prevent further spread of the malware.

2. Conduct a thorough audit of your entire network to determine how the malware got in and the extent of the compromise.

3. Block all access, and close or patch all entry points used by the malware and any other vulnerabilities on your network.

4. Restore endpoints to a known good state. An endpoint could be a compromised PC, hard disk or even a server. This can be achieved by reimaging or rebuilding the system.

a) Reimaging: this process only applies if an image of your production environment taken before the attack is available, for example an image of your backup hard disks or server. It is a simple process that lets the business restore its systems, applications etc. to their previous state. Businesses can rebuild their on-premise or cloud servers from such an image.

b) Rebuilding: this applies where no image is available but the business has an offsite backup of its data. It involves reinstalling the server's operating system, applications and any other software that was present on the compromised endpoint. After rebuilding the server, if a data backup is available, the business can restore the backed-up data from the appropriate restore point and continue working.

5. Re-examine your security strategies. Use the findings of the network audit to discover weak points in your security strategies and avoid a repeat attack.
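The restore point chosen in step 4 matters: a backup taken after the encryption ran just restores encrypted files. The following is an added example, not part of the original post, that walks chronological backup snapshots and picks the newest one with no missing files, no files carrying a ransom-note extension and no high-entropy content. The snapshot labels, file names, suffix list and threshold are constructed, and the entropy check assumes the baseline files are plaintext (compressed formats such as .docx or .zip would need to be excluded from it).

```python
import math
from collections import Counter

# Constructed list of extensions a ransomware payload might append to files.
RANSOM_SUFFIXES = (".locked", ".encrypted", ".crypt")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plaintext is usually well below 6, encrypted data near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot_problems(files: dict, baseline: set, threshold: float = 7.5) -> list:
    """Return the reasons a snapshot is NOT a known-good restore point (empty = clean).
    files: path -> content of the snapshot; baseline: plaintext paths expected to exist."""
    problems = [f"missing: {path}" for path in sorted(baseline - set(files))]
    for path, data in files.items():
        if path.endswith(RANSOM_SUFFIXES):
            problems.append(f"ransom extension: {path}")
        elif path not in baseline:
            problems.append(f"unexpected file: {path}")
        elif shannon_entropy(data) > threshold:
            problems.append(f"high entropy (possibly encrypted): {path}")
    return problems

def latest_clean_restore_point(snapshots: list, baseline: set):
    """snapshots: chronological list of (label, files). Newest clean label, or None."""
    for label, files in reversed(snapshots):
        if not snapshot_problems(files, baseline):
            return label
    return None

def demo():
    # Constructed sample: two clean nightly backups, then one taken after encryption ran.
    plaintext = b"invoice,amount\n1001,250.00\n" * 50
    encrypted = bytes(range(256)) * 16  # uniform byte distribution: exactly 8.0 bits/byte
    baseline = {"finance/invoices.csv", "hr/roster.txt"}
    snapshots = [
        ("2024-03-01", {"finance/invoices.csv": plaintext, "hr/roster.txt": plaintext}),
        ("2024-03-02", {"finance/invoices.csv": plaintext, "hr/roster.txt": plaintext}),
        ("2024-03-03", {"finance/invoices.csv.locked": encrypted, "hr/roster.txt": encrypted}),
    ]
    return latest_clean_restore_point(snapshots, baseline)

if __name__ == "__main__":
    print("restore from snapshot:", demo())
```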

We can conclude that the only painless way out of a ransomware attack is having a data backup and recovery system that will give your business the opportunity to recover data being held hostage by hackers.
