In my career in information technology, I’ve spoken to quite a few businesses that had been successfully attacked by ransomware and had been too embarrassed to contact the authorities.
As cybercriminals become more sophisticated in their attacks (read about phishing attacks here), there’s no shame in being successfully hacked.
The FBI has the following recommendations to act immediately after a ransomware infection:
Immediately isolate the infected computer. Remove infected systems from the network ASAP to prevent further attacks and penetration of network or shared drives.
Isolate or power-off affected devices that haven’t been completely corrupted. This could buy you time to clean and recover data, contain the damage, and prevent it from getting worse.
Secure backup data or systems by taking them offline immediately. Keep your backups malware free!
If possible, collect and secure partial portions of the ransomed data that might exist.
If possible, change all online account passwords and network passwords after removing the system from the network. After malware is removed, change all system passwords.
Delete registry values and files to stop the program from loading.
"Immediately contact law enforcement. We [the FBI] encourage you to contact the local field office of the Federal Bureau of Investigation or U.S. Secret Service immediately upon discovery to report a ransomware event and request assistance."
The information above is from How to Protect Your Networks from Ransomware from the U.S. Government, including the FBI, NSA, and others. The complete document is here.
To Pay or Not to Pay
Increasingly, experts are recommending that you don’t pay the ransom. If you pay, you could be targeted again. On top of that, a hefty percentage of individuals and businesses who do pay for their hacked data don’t get their data back.
There is no honor among thieves!
However, every business is going to have a different cost/benefit conversation around paying the ransom. Can you survive with the last data? Do you have backups? If the only copy of files is locked down by cybercriminals, you may have no choice but to pay.
Protect Yourself -- Have a Data Backup Plan
In addition to have a robust security infrastructure, one of the best ways to prevent damage from a ransomware attack is to have an effective data backup strategy.
When hackers have your data, you’re at their mercy. That’s why many businesses decide to pay and hope to get their data returned to them.
When you have a data backup plan in place and working, you will have redundant copies of your data. Depending on the frequency of your backups, you could lose some data. However, that is a small loss when compared to the costs of paying off a ransom, possibly becoming a target again, and suffering hours or days of downtime to get your data back.