Even if you have taken steps to protect your business, there’s still a chance it will become a victim of ransomware.
If that happens, experts recommend a variety of steps to take toward recovery.
Among the first are to take a photo of an infected computer’s screen to help identify the malware type, and to disconnect that device and any others that are infected from the network by turning off WiFi and unplugging network cables to try to minimize further spread.
Just as important will be to immediately alert your IT staff or cybersecurity provider, so they can begin the process of detection, removal, and recovery. It is also recommended that you contact your nearest FBI field office or report it at ic3.gov.
Your response team will need to determine how the ransomware might have been placed, so be sure to ask about what might have happened – such as someone opening an email and clicking on links or downloading a file – and be sure to warn any other staffers about the situation.
The tech experts will then need to determine how to deal with that type of ransomware and how to remove it, if possible. Be prepared for the possibility that they will need to wipe storage devices, reinstall all software from scratch, and hopefully restore data from backups.
You’ll also want to determine if your business’s data has been stolen and to notify anyone who might be affected.
Underlying all this will also be the question about whether or not to pay the requested ransom. While it is often recommended that you don’t pay, that decision will be up to you – just keep in mind that there is no guarantee the perpetrators will unlock your files or that you will get your data back.