5 Steps to Recover from a Ransomware Attack

Ransomware is a huge problem for big and small businesses alike. We’ve seen ransomware that has forced small businesses to close. The high-profile breaches at McDonald’s, Colonial Pipeline and JBS Meats are just some recent examples of how ransomware can strike any business at any time and cause major problems.

Recovery from ransomware without paying a huge ransom is possible. If you have managed to keep uncorrupted backups, you can recover from ransomware by following these 5 steps.

  1. Isolate and shut down critical systems

This is the first thing you need to do, to ensure the ransomware infection doesn’t continue to spread throughout your network. Shut down all mission-critical systems, and isolate the infected ones from the still “healthy” systems to contain the spread. The better you contain the spread of the infection, the easier it will be to recover from ransomware.

  2. Enact your business continuity plan

You do have a business continuity plan, right? A business continuity plan and its disaster recovery component are essential to maintaining business operations. The business continuity plan is the playbook that tells all departments in your organization what their role is in keeping the business operating during a disaster. During a disaster like a cyber attack, the continuity plan will address how to operate while systems are offline and being recovered. The disaster recovery component details how the critical data and systems will be restored and brought back online. In addition, some companies have a separate breach readiness or incident response plan. This is a key component of the recovery process, as it will help speed up the recovery time.

  3. Report the cyber attack

Many companies opt to pay a ransom simply to keep the breach out of the news. Nobody wants the bad press associated with a ransomware attack, but reporting the breach to customers, stakeholders, and law enforcement is essential. Failing to notify customers and stakeholders can lead to a lack of trust. In many jurisdictions, it is now mandatory for organizations to report a breach within a certain period of time; otherwise hefty fines will be incurred. GDPR and PIPEDA are just some of the regulations out there that require breaches to be reported.

  4. Remediate, patch, and monitor

This step is very important and cannot be skipped. Businesses need to confirm that they have remediated the infection completely, so that the ransomware isn’t still lurking on their systems. All systems need to be patched for vulnerabilities and constantly monitored for any suspicious activity that could indicate a threat actor is still present on your systems, waiting to strike again. Unlike lightning, ransomware can strike twice, especially if this step isn’t followed.

  5. Restore from backups

Now that you have removed the ransomware infection, you can begin the process of restoring your systems from backups. Always verify that the backups haven’t been infected and are not corrupted prior to restoring.
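One way to carry out that pre-restore check, as an added example that is not part of the original post: record a SHA-256 manifest of the backup set when the backup is taken (and keep the manifest offline or on immutable storage, where an intruder on the backup host cannot rewrite it), then before restoring compare the set against that manifest and refuse to restore if anything has changed, gone missing, or appeared that was never backed up. The file names and contents in `demo()` are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backup archives don't need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir: Path) -> dict:
    """Capture the hash of every file in the backup set at backup time.
    Keep the result somewhere the backup host itself cannot overwrite."""
    return {p.relative_to(backup_dir).as_posix(): sha256_file(p)
            for p in sorted(backup_dir.rglob("*")) if p.is_file()}


def verify_backup(backup_dir: Path, manifest: dict) -> dict:
    """Compare the backup set against the manifest taken when it was created.
    'changed' covers files that were corrupted or overwritten with ciphertext,
    'missing' covers deleted files, and 'unexpected' covers files that were never
    backed up (for example a dropped ransom note or renamed encrypted copies)."""
    report = {"intact": [], "changed": [], "missing": [], "unexpected": []}
    present = {p.relative_to(backup_dir).as_posix()
               for p in backup_dir.rglob("*") if p.is_file()}
    for rel, expected in manifest.items():
        if rel not in present:
            report["missing"].append(rel)
        elif sha256_file(backup_dir / rel) == expected:
            report["intact"].append(rel)
        else:
            report["changed"].append(rel)
    report["unexpected"] = sorted(present - manifest.keys())
    return report


def safe_to_restore(report: dict) -> bool:
    """Only an exact match with the manifest is good enough to restore from."""
    return not (report["changed"] or report["missing"] or report["unexpected"])


def demo() -> dict:
    """Constructed sample: a three-file backup, then one file overwritten with
    unreadable bytes, one deleted, and a ransom note dropped next to them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "customers.sql").write_bytes(b"CREATE TABLE customers (id INT);")
        (root / "payroll.xlsx").write_bytes(b"PK\x03\x04 constructed spreadsheet bytes")
        (root / "notes.txt").write_text("quarterly planning")
        manifest = build_manifest(root)  # taken at backup time, stored offline
        (root / "payroll.xlsx").write_bytes(b"\x9f\x12\xc4 unreadable ciphertext")
        (root / "notes.txt").unlink()
        (root / "README_RESTORE_FILES.txt").write_text("constructed ransom note")
        return verify_backup(root, manifest)
```

Running `demo()` reports `payroll.xlsx` as changed, `notes.txt` as missing and `README_RESTORE_FILES.txt` as unexpected, so `safe_to_restore()` returns `False` and that backup set should not be used.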

If you are struggling with a cyber attack and don’t know where to start, these tips will help give you a direction. You don’t have to do this alone either. Uzado can help you with the recovery process from a cyber attack.