<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=698042&amp;fmt=gif">
EnvisionIT Solutions Blog Logo
Back to posts

November 1, 2021

4 Steps To Take After a Ransomware Attack

4 Steps To Take After a Ransomware Attack

4 steps after a ransomware attack

Are you worried about a ransomware attack? Each year Ransomware costs US businesses over $7.5 Billion! 


These attacks can lock you out of your network with a ransom demand for the privilege. And if you've never dealt with a ransomware attack before, you might not know what to do.

Don't worry! Read on for 4 steps you should take after a ransomware attack.

1. Ignore the Ransom Demand

NEVER pay a ransom demand.


This is the scam part of ransomware and if you pay, there's no guarantee you'll get your files back. In fact, it's more likely you'll get extorted out of even more money.

If you pay, you'll be encouraging these criminals to continue their attacks. Even if they do release your computer, it's still infected. You could pass the ransomware on to others, and they could lock you down again.

2. Determine the Damage and Type of Ransomware

Most ransomware change encrypted file names. The extensions are often changed to match the ransomware's name. It often creates README files too.


This is where they put the ransomware instructions. Both of these will give you an idea of the damage and how much its spread.


Locate all infected devices and get them off your network immediately.


Related Post: Is Your Company Ready for a Ransomware Attack?ransomware-attack

3. Wipe Infected Machines and Restore Encrypted Data

The safest way to deal with ransomware is to reset all infected machines to factory defaults. Then you move on to restoring data from your back up data stores.

Issues arise when you have no backup data. There are some tricks you can try.


In some cases, malware researches have broken ransomware encryption. This means there are decryption tools available.


You should always back up your data as part of a disaster recovery plan. Regular backups are the best preventative measure you can take. Keep them in an external system or the Cloud. This way, if ransomware takes your system hostage, you've not lost anything.

4. Do a Post-Breach Audit

Once the attack has been dealt with, you should now do a full assessment of the situation. Also, record how your business responded to any extra surprises during clean up.

Start with working out how the ransomware infected your systems, retrace its trajectory. Figure out what were the vulnerabilities exploited. And work out how you can mitigate these vulnerabilities or remove them?

Keep in mind that you could now be a target for more attacks. Half of all ransomware victims will experience more attacks.


Watch our video: Typical Cybersecurity Mistakes

Ransomware Attack Preparation Made Easy

So there you have it! If you follow these 4 ransomware attack tips, your business will be back on its feet in no time!

Preparedness is key!  So make sure you're mitigating or removing any vulnerabilities. Also, keep off-site backups of your important data you need to function. And never give in to ransom demands, you'll only fund more attacks and may not get your systems back!

If you feel unprepared for a cybersecurity breach, contact us at Envision IT Solutions today. Our Business Continuity Services lets you continue with business rather than deal with catastrophic system failure and data loss.

Kevin Gray
Hello! I am the Managing Principal @ EnvisionIT Solutions. | Technology Expert | Author | Speaker | Small & Medium Business IT Support - We founded EnvisionIT Solutions in 2007 to provide IT services and support for business owners/CEOs who value the necessity of technology to drive their success and growth.
Find me on: