
July 30, 2019

How to Prepare for and Recover from a Ransomware Attack: 6-Step Guide

Handling a ransomware attack is a challenging, resource-intensive process. But most businesses fall far short when it comes to ransomware recovery. In this post, we’ll cover 6 steps for how to respond to a ransomware attack and ways to prevent future ones.

Ransomware attacks originate through emails or questionable download links. They then seize control of your computer and data, holding it hostage. If your computer is connected to an internal business network, the ransomware will spread to other devices, taking even more data hostage. Finally, it delivers a message: pay up or lose everything.

Mitigating an attack like the one described above requires an aggressive step-by-step approach. Here’s what to do.

1. Contain the Malware

The first moments after a ransomware attack are critical. How quickly you respond will define the extent of the damage from an IT and financial perspective.

This is why the first step is to minimize the spread of the ransomware. Malware typically spreads by infecting one computer. It then spreads like the plague across wireless networks, interconnected hardware and any connection it can find.

Contain the spread of the ransomware by setting up a quarantine. Identify which devices are infected and isolate these by disconnecting them from the network. Time is not on your side when it comes to this step. The quicker you act, the better your chances of preventing the malware from spreading through the entire network.

How you handle this will vary based on your network and infrastructure design. A company that has eight computers will have to respond differently than a company that has hundreds. Determining the appropriate method of containment is best done by consulting an IT professional.

2. Document the Attack

You are now on the receiving end of a criminal action. Documenting every possible detail will be critical in reporting the incident to authorities, insurance, and the rest of your organization.

First, take a picture of the ransomware message. You could take a screenshot on your computer, but your computer is compromised, so this isn’t always the best idea. External devices often work better, as they maintain a record on an uncompromised device. A camera or cell phone will work.

After photographing the message, continue to gather any other evidence and documentation you can. Here are some key details to look for:

  • Time and date of the attack
  • What you or someone else did before the attack
  • An assessment of what equipment has been infected
  • Data that is at risk
  • What sensitive or critical information has been lost or compromised

With this information, the next step is to contact law enforcement. Reporting is critical for pursuing legal action, protecting your future insurance claim (more on that later) and providing the FBI with accurate data on ransomware activity.

3. Assess the Threat

With containment and documentation taken care of, it’s time to evaluate which type of ransomware you’re dealing with. There are two.

Screen-locking ransomware works by locking users out of the operating controls on their computer. While this malware is the real deal, it is breakable. With a strong IT staff or managed security team, you can probably fight and thwart the malware and recover your device and data. Keep in mind, there is always a risk to doing so, and some data could be lost.

Encryption ransomware, however, is far nastier. This malware seizes control of the computer and encrypts the data and system. Unfortunately, these encryptions are extremely difficult to break. Some are even impossible.

Your organization’s ability to fight this type of attack is going to vary, depending on IT staff and the nature of the attack. This is why you’ll need to review your current protocols on data backups and ransomware recovery. This will help your team determine what type of ransomware is at work – and if they can beat it.

If you have the ability to break the encryption, and are comfortable with the odds, thwarting the ransom is often the best option.

However, if you have no chance of breaking the encryption or don’t have usable backups, you have a very difficult decision to make.

4. Consult Your Legal Team

Because of the complex nature of the situation, and the fact that it’s related to criminal activity, it’s critical that you evaluate options with your legal team.

A key part of the process is weighing the cost and potential losses. Calculate an estimate of what you stand to lose in terms of data, hardware and operational expenses. (This will also be useful for insurance.) Now compare this against the price of the ransom.

In most cases, these numbers are going to be absurdly unbalanced. A $40k ransom against $1 million in damages is common. That’s how malware works. It creates a ratio so unbalanced that resisting looks worse than paying.

Legally, the official stance of the FBI and legal system is that victims of ransomware attacks should never pay. In practice, some companies pay, and some don’t. It’s a complex issue that is best decided on a case-by-case basis with your legal team.

5. File an Insurance Claim

After resolving the attack, the final step is filing an insurance claim based on the damages calculated earlier.

Insurance for ransomware and IT damages is complex and varies depending on plan and coverage. But if you want to ensure full recovery of damages, consulting your insurance agent and financial and legal teams will be critical.

6. Prevent the Next Attack

Once you’ve recovered from the fallout of the attack, it’s time to prepare for the next one. Ransomware is becoming increasingly common, and a second attack can happen.

Here are a few things you can do to prepare.

Back up your data. One of the biggest sources of damages from a ransomware attack is data loss. With a comprehensive backup recovery plan, these losses become negligible.

Create an equipment log. Include all IT assets and devices, with values attached. This will help you quickly assess which gear is corrupted and what your potential losses are.

Review your insurance plan. Double check your coverage and how it addresses ransomware and other IT threats, so you’re not caught unaware.

Set up staff protocols. Having a comprehensive plan for how all employees should respond can drastically improve your IT team’s ability to contain any future threats.

Partner with a managed security provider. Handling all of these complex protocols can be time-consuming and resource-intensive. For a lot of organizations, partnering with this type of provider is a great way to improve security with a multi-tiered defense approach while increasing incident response team bandwidth.

Conclusion

Handling a ransomware attack can be complex and stressful. But with a fast response time and comprehensive protocol, recovering and addressing the attack can be manageable.

Is your organization recovering from an attack? Looking to prepare for the worst? We can help. Contact us today to discuss options.

Mike Penn

Mike Penn joined Magna5 as Senior Content Developer. His role is to bring to life stories that inspire or inject clarity in how managed services and emerging trends can be applied to help organizations operate better and more efficiently.
