How to Recover From a Ransomware Attack

Threat actors are ramping up their attacks in a big way, and small businesses are in the crosshairs. Even with the most up-to-date security practices, there can be vulnerabilities you don’t know about. In the event your business finds itself on the receiving end of an attack, you need to be prepared for what may lie ahead.

Ransomware is a unique challenge because it encrypts all of the files on a system, which locks up each file and makes it completely unusable. The only thing that can remove the encryption from an encrypted file is a specific decryption tool, and that tool is almost impossible to create without knowing how the file was encrypted to begin with.

This article is about recovering from a ransomware attack, so we won’t get into how you can prepare for one. When ransomware hits your business, you can recover from the attack.

Restore From Backups

The first thing to do in the case of ransomware is to restore everything you can from your backups. Replacing the affected files or even restoring the entire machine from backup can take almost all of the sting out of a ransomware attack.

Many people also use a cloud service such as Office 365 or Dropbox for their files. Logging into your cloud account can give you easy access to restore all of your individual files. You may want to clean up the rest of the ransomware on your local computer by reloading your machine first, before re-downloading all of your files.

Pay the Ransom

If you don’t have valid backups, there is an option to pay the ransom to restore your company’s data. Even if you pay the ransom, there is no guarantee that you will get decryption keys. The attackers do have an incentive to deliver the keys, though: if word gets out that they do not hand over the decryption keys, no one will pay up in the future.

Going this route is also very touchy. Many of the threat actors do not mess around, and they don’t negotiate. They can terminate communication at any moment, and then decryption will be impossible. It may take all of your effort, but try to be nice when dealing with them.

Reload the Machines

Most businesses only back up their servers, which leaves workstations unable to restore from backup. If the machine does not have any local files that need saving, for example because the files are mainly stored in a cloud service, you can reinstall Windows and wipe out the device. This method will require you to reinstall all of the programs you use, so make sure you know the license keys for any software that requires them.

Ransomware is a scary thing. When all of your company data is suddenly inaccessible, how will your business continue? Putting a plan in place now, before an attack happens, can mitigate the damage. If you find yourself dealing with the aftermath of an attack, calling in an IT Support company like briteCITY can help you get back on your feet.