How to Recover From a Ransomware Attack

Threat actors are ramping up their attacks in a big way, and small businesses are in the crosshairs. Even with the most up-to-date security practices, there can be vulnerabilities you don’t know about. If your business finds itself on the receiving end of an attack, you need to be prepared for what may lie ahead.

Ransomware is a unique challenge because it encrypts all of the files on a system, which locks up each file and makes it completely unusable. The only thing that can remove the encryption from an encrypted file is a specific decryption tool, and that tool is almost impossible to create without knowing how the file was encrypted to begin with.

When ransomware hits your business, here’s how you can recover from the attack: 

Restore From Backups 

The first thing to do in the case of ransomware is to restore everything you can from your backups. Replacing the affected files or even restoring the entire machine from backup can take almost all of the sting out of a ransomware attack.  

Many people use a cloud service like Office 365 or Dropbox for their files. Logging into your cloud account can give you easy access to restore all of your individual files.

You may want to clean up the rest of the ransomware attack on your local computer first, by reloading your machine, before re-downloading all of your files.

Pay the Ransom 

If you don’t have valid backups, there is an option to pay the ransom to restore your company’s data. Even if you pay the ransom, there’s no guarantee that the attackers will hand over the decryption keys. However, the money is an incentive for them to deliver. 

Going this route is very touchy. Many of the threat actors do not mess around, and they don’t negotiate. They can terminate communication at any moment, and then decryption will be impossible. It may take all of your effort, but try to be nice when dealing with them.

Reload the Machines 

Most businesses are only backing up their servers, which leaves workstations unable to restore from backup.  

If the machine does not have any local files that need saving, for example because the files are mainly stored in a cloud service, you can reinstall Windows and wipe the device. This method will require you to reinstall all of the programs you use, so make sure you know the license keys for any software that requires it.

Ransomware is a scary thing. When all of your company data is suddenly inaccessible, how will your business continue? Putting a plan in place now, before an attack happens, can mitigate the damage. If you find yourself dealing with the aftermath of an attack, calling in an IT Support company like BRITECITY can help you get back on your feet. 


BRITECITY offers local businesses support in areas like Cyber Security, Cloud Services, Strategic IT, and Managed IT Services in Orange County.