What to Do if Your Business Falls Victim to a Ransomware Attack

Ransomware is a type of malicious software designed to block access to computer systems until a sum of money is paid. Oftentimes, the criminals behind the ploy threaten to publish the victim’s data or permanently block access to it. In other words, digital files are “stolen,” and in order for them to be restored, a monetary ransom is demanded.

The International Data Corporation (IDC) recently conducted a study that found 37% of global organizations said they were the victim of some form of ransomware attack in 2021. Moreover, the Cybersecurity and Infrastructure Security Agency (CISA) reported 2,084 ransomware complaints in the first half of 2021 alone.

Any company, no matter its size, age, or reputation, can fall victim to ransomware. In fact, some of the world’s largest corporations had this happen to them just last year, including Accenture, Apple, Shutterfly, and Colonial Pipeline.

If your company’s data is ever held hostage by thieves, here’s what you should do — and what you shouldn’t.

What to do in a ransomware attack

Go offline

As soon as you’ve been alerted of a ransomware attack, take all systems offline and turn off the Wi-Fi network. If it’s early enough, the malware may be prevented from spreading across the entire network.

Contact the authorities

If you’ve been hit with ransomware, report your case to federal agencies immediately for valuable information. Once you report the incident, authorities can then promptly detect the means by which the hacker committed the crime. Your case information will be combined with others to formulate potential causes and solutions. 

Companies are encouraged to visit stopransomware.gov to guide them through the detection and eradication processes.

Inform your service provider and IT department

It is your service provider’s chief responsibility to ensure their customers are rightly protected, so reporting your case to them straightaway will allow them to take action and prevent more data breaches.

Additionally, be sure to get in touch with your company’s IT team so they can safely contain the malware and provide instructions on what to do. IT will likely advise workers to disconnect affected devices from the network to prevent the malware from spreading.

Restore your backup data

It is extremely important to continuously back up your company’s data and make sure you are always running the latest antivirus software. Restoring the backup data enables your company to continue working (i.e., not shut down completely) while the issue is being taken care of.

Companies should also consider developing and implementing cybersecurity protocol as they remain focused on their core business activities.

Do NOT pay the ransom!

Whatever you do, never pay the requested ransom. There is no guarantee you’ll regain full access to your data, nor will a payment prevent your information from being leaked by the criminal. Contact your service provider as soon as possible, reclaim control of the servers, restore your backup data, and strengthen your security against any future invasions.

Ransomware is a terrifying problem for businesses. At Rural Mutual, we are always looking out for our customers’ safety, and we understand that numerous cybersecurity issues are on the rise. Visit our Cybersecurity Learning Center for more information.