
How to Respond to a Ransomware Attack


Ransomware is one of the most common cyber threats that businesses encounter. We’ve heard of large enterprises falling victim to it, but small businesses suffer immense losses when they are hit. About two-thirds of attacks in 2019 were against small or medium-sized businesses. Cybercriminals target these businesses because they are less well prepared and less well defended against such attacks.

What is Ransomware?

Ransomware is a form of malware that encrypts a victim’s data or files. The hacker then demands a ransom in exchange for the encrypted files. The cost of ransomware varies, but according to a study from the third quarter of 2019, the ransom increased to 13% compared to last year’s second quarter. That’s a big jump in a short time. It seems that more and more businesses are falling for this attack.

The most common way to get infected by malware is through phishing emails: emails containing infected attachments or links that, once downloaded to your device, run the malware. You can also be infected through drive-by downloads, which occur when a user visits an infected website and the malware is downloaded to the user’s device without their knowledge.

You can also get infected files from social media, unknown messages, and more. Therefore, certain precautions are needed.

Types of Attacks

Two types are commonly known: crypto-ransomware and locker ransomware. The former encrypts the user’s sensitive files and demands money from the victim to get them back. The latter doesn’t encrypt files. Instead, the user is locked out of the device and cannot access any content, any file, or the device as a whole. That’s when hackers demand a ransom.

Examples of Malware Threats

Bad Rabbit

Bad Rabbit appeared in 2017 as malware that spread through drive-by attacks. Visitors who entered an unsecured website and downloaded something from it acquired the malware on their device. Its malware dropper was disguised as Adobe Flash.

The attack happened in Russia, Ukraine, Turkey, and Germany.


CryptoLocker

CryptoLocker first came out in 2007 and spread through email links or attachments. It is known to have infected around half a million computers, law enforcement, and security companies. Once CryptoLocker enters a device, it searches for valuable files and encrypts them.


WannaCry

In 2017, WannaCry targeted about 150 countries and affected 230,000 computers globally. It was created by the United States National Security Agency but leaked by a group called Shadow Brokers. It attacked hospitals in the UK, costing the NHS an estimated £92 million. The hackers demanded a ransom in Bitcoin. The attack targeted outdated systems, which made healthcare services vulnerable.

Worldwide, it caused losses of $4 billion.

Becoming a victim of this malware can cost millions of dollars, and you definitely don’t want this to happen. But what if you fall victim to this attack? What should you do? This article provides a list of ways to deal with it when your business has been targeted.

What to Do in the Case of a Ransomware Attack?


Determine what kind of attack it is

As mentioned earlier, there are two kinds of ransom threats. You have to know which form of attack you are facing so that you know what to do. However, be cautious: there are also fake attacks that pop up on your screen and notify you that your files are encrypted. If you can still navigate through your apps, your screen, and all your files, then it’s likely a fake attack.

Quarantine the infected device

When you have determined the type of attack, it is best to isolate the computer or system to avoid infecting other devices. Disconnect the device from the network, as malware can spread through networks and devices.

Take a picture of the ransom note

Like a real-life ransom note, you need proof that there is one, so take a picture of the note on your screen and present it to the authorities later. If you are from New Zealand, you can report attacks to CERT NZ or other authorities that handle cybercrime. Also include in your report any other communications that the attacker has sent to you.

Use effective anti-malware and antivirus software

If you are not willing to pay for your encrypted files, you can install software to remove the malware. However, note that removing the ransomware does not decrypt your files. Therefore, make sure that you don’t need your files decrypted before performing this step.

Inform your customers

It is vital to inform your customers about the attack. Doing so might be difficult because their data has been compromised, and you might lose some of them. But it is better to be straightforward with your customers. They have the right to know who has gained access to their confidential information.

Try to recover deleted files

If you can, try to recover deleted files. Encrypting malware usually copies files and encrypts the copies while deleting the originals. You can recover these deleted files with recovery tools, some of which are free and some paid.

Restore backup files

If you back up your files regularly, you can restore them anytime. But you must make sure that the files you backed up weren’t encrypted too. You can wipe your drive fully, perform a clean installation of the operating system, and restore the files from backup. Wiping and reinstalling the OS will remove all traces of ransomware on your machine.
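One way to check that backed-up files weren’t encrypted too before restoring them, as an added example that is not part of the original article. The signature table, the 7.5 bits-per-byte threshold, and the function names are assumptions chosen for illustration, and the sample files are constructed.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# Well-known leading signatures ("magic bytes") for a few common file types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK", ".docx": b"PK", ".xlsx": b"PK"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for encrypted data, much lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def check_file(path: Path, sample: int = 65536, threshold: float = 7.5) -> str:
    """Return 'ok' or the reason the file looks encrypted (threshold is an assumption)."""
    with path.open("rb") as fh:
        head = fh.read(sample)
    magic = MAGIC.get(path.suffix.lower())
    if magic is not None:
        # Compressed formats are high-entropy even when healthy, so test the header.
        return "ok" if head.startswith(magic) else "header does not match extension"
    return "high entropy" if shannon_entropy(head) > threshold else "ok"

def scan_backup(root: Path) -> dict:
    """Map relative path -> reason for every file that should not be restored blindly."""
    suspects = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and (verdict := check_file(p)) != "ok":
            suspects[p.relative_to(root).as_posix()] = verdict
    return suspects

def build_sample_backup(root: Path) -> None:
    """Constructed sample data: two healthy files and two with ciphertext-like content."""
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    (root / "report.pdf").write_bytes(b"%PDF-1.7\n" + b"Quarterly report text. " * 200)
    (root / "notes.txt").write_bytes(b"Invoices reconciled on Friday.\n" * 100)
    (root / "ledger.txt").write_bytes(noise)   # text file replaced by random-looking bytes
    (root / "photo.jpg").write_bytes(noise)    # JPEG signature overwritten

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_backup(Path(tmp))
        for name, reason in scan_backup(Path(tmp)).items():
            print(f"SUSPECT {name}: {reason}")
```

Files of only a few hundred bytes cannot reach the entropy threshold, so treat a clean result as a first pass and open a few restored files by hand before relying on the backup.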

Negotiate and pay

If you want to retrieve your files, you can pay for them, although this is not often recommended and should only be a last resort. Most malware attacks provide instructions on how you can retrieve your files or contact the cybercriminals. You can make a deal with the hacker.

Reinstall the operating system

If you don’t want to spend money to retrieve your files, you can reinstall your operating system. You can reset it using its factory reset option, but on other devices this requires a disk or USB stick.

File a report

Remember earlier when we mentioned taking a screenshot of the ransom note? Now it’s time to use that photo. You can take the necessary legal steps to file an insurance claim or a related lawsuit. In addition, filing a report helps keep track of infection rates and their spread.

If you have encountered such an attack, following the steps above carefully can help you retrieve your files and remove the malware from your system. Remember, do not panic when it happens. Also, start securing your data to avoid future attacks.

Here are simple steps to protect against or prevent ransomware attacks:

  • Never click on unverified links.
  • Do not open or download any attachments in emails if you don’t know the sender.
  • Download from a trusted site only.
  • Don’t share personal information.
  • Update software and operating systems.
  • Get the best ransomware protection for your device.
  • Back up data regularly.
  • Use a VPN to connect to public Wi-Fi for security.
