You’re on your company computer when, without warning, you are greeted by an alarming message that tells you that your files are encrypted. The message promises that the hackers will unlock your files if you send payment in the form of a cryptocurrency like Bitcoin. The message also indicates that the hackers will delete your files forever if you take too much time to pay.
You check with your employees, and many have the same message on their screens. One call to the IT department confirms that your organization is the victim of a ransomware attack. You now wish that you had had at least some free ransomware protection in place to prevent this day. But there’s still time to avoid some other mistakes after a ransomware attack.
Mistake #1: Rushing to pay the ransom
It’s a bad idea to pay the ransom immediately. Not only does it encourage hackers to strike again, but there’s no guarantee that they will share the encryption key. Many ransomware groups only decrypt a few files after receiving payment and then press their targets for significantly more money before unlocking all the files.
Consult with a cybersecurity company to explore other options before you send the money. If you must send payment to protect your reputation and reduce downtime, speak to law enforcement first. While the Colonial Pipeline ransomware attack was crippling, the FBI got the ransom money back.
Mistake #2: Continuing to use the compromised network
Although ransomware is the only infection you can see, you don’t know whether other malware, such as viruses, worms, rootkits, or spyware, is also present on your network. Avoid using compromised systems until all malware is gone. Hackers may be spying on your communication and monitoring your defense measures.
Mistake #3: Restarting the machines
Your first instinct could be to restart the computer to see if it fixes the problem. Unfortunately, ransomware isn’t like a regular software bug and won’t go away with a reboot. Additionally, some ransomware corrupts or deletes encrypted files every time a computer reboots. You may also hinder the recovery efforts of your network security team by rebooting the machine because the ransomware may delete the decryption key.
Mistake #4: Not disconnecting from the Internet
Don’t forget to disconnect from the Internet and take the infected computers off the network immediately after a ransomware attack. Disconnecting from the Internet won’t remove ransomware, nor will it stop the countdown until your files are permanently corrupted, but it can stop the threat actors from communicating with the malware. Disconnecting an infected computer from the network will also prevent ransomware from spreading to other systems.
Mistake #5: Deleting files
It’s often counterproductive to delete files from an infected system because they could contain decryption codes. The right IT specialist can sometimes decrypt your computer by analyzing corrupted files.
Mistake #6: Accessing backups without removing ransomware
Whether your backups are on the network or an external drive, avoid accessing them at all costs until you’re sure the ransomware is gone. After all, many types of ransomware target and corrupt backup files.
These are six mistakes you must avoid after a ransomware attack. With the right cybersecurity tools, safety measures, and training, your organization can avoid a ransomware disaster.