Ransomware attacks are constantly changing, meaning they are getting more sophisticated and causing more damage to businesses. Because of this, noticing and reacting to an attack is not enough. You and your team also need to determine the scope of an attack and how it will impact your business to react effectively.
There are several ways that a cybercrime group might gain access to your files, and with this, there are many places they can hide within your system. So, you need to assess the extent of the attack to be able to make an informed decision about how to deal with it. Rushing into action without the full picture could make you vulnerable to another attack, data loss and increased downtime.
At Solace Cyber, we are ransomware recovery experts, offering rapid digital forensics and incident response to all industries and sectors that experience a malware attack. Our teams are highly experienced cybersecurity professionals with knowledge of all ransomware groups, including Akira, BlackCat and Lockbit3. We work by the rule of always getting a full understanding of the situation before creating an action plan.
Here, we explain why you need to determine the scope of the attack before jumping into action and how you can do it.
No matter how or where you notice the potential attack, the first thing you need to do is thoroughly investigate your system and networks to understand where the attack is happening and the existing damage.
Within this process, you will need to:
Taking these steps allows you to get a good understanding of what data they might already have and where they are working so you can create an efficient and targeted response.
If you are hiring a cybersecurity company to help respond to the attack, completing this step means you can provide a comprehensive summary of the situation to the team on their arrival, speeding up the onboarding process.

Once you know what the situation is in regard to the ransomware attack, you need to start working with your internal teams and reaching out to external experts to craft a response action plan.
Communication is key to this stage, both to inform stakeholders, customers and internal teams of the breach but also to ensure a smooth and quick response.
With an understanding of the attack and external and internal teams informed of the breach, the next step is to turn to business operations to see how this is going to impact your business, specifically looking at which services are impacted the most.
When completing this step, look at:
While there might be steps dictated to you by compliance with data protection regulations, knowing how the attack is impacting your business is likely to guide you through how you respond to the attack.
The above steps all need to happen quickly, and if you are employing professional help, they will guide you through the steps at a rapid pace. This is because you need the knowledge from the steps to be able to put an action plan in place, and the faster this is done and the actions taken to respond, the better the chance of recovery and limit the consequences.
Formulating a plan will predominantly sit with the external Incident Response Team you hire to respond to the attack, but it is important you know these steps to be able to facilitate them in creating the plan.
Of course, these steps and planning can’t happen if you don’t know what is going on. If you start planning with a partial understanding of the scope of the attack, you will likely miss part of the malware, allowing it to continue attacking the system.
There are several steps you need to take to determine the scope of the attack, and they need to be completed quickly yet thoroughly for the best chances of recovery.
However, we understand that discovering a malware attack can cause panic, leading to quick actions and missed steps. This is why hiring ransomware recovery experts is beneficial.
Solace Cyber have several teams across the country, so no matter where you are, we are able to help, arriving at your site the same day.
When working with us, you will have access to our Digital Forensics and Incident Response Team, who will work on-site with you to uncover the scope of the attack before containing and responding to the attack.
This on-site team are trained to handle the digital forensics of the attack, which you can use for criminal prosecution or insurance claims.
Additionally, you will have the support of 24/7 Security Operation Centre (SOC) services for constant monitoring throughout the recovery process.
If you think you are under attack from any ransomware group, contact our team now by calling us at 01202 308818.

Solace Cyber helps companies across the UK recover from ransomware attacks and data breaches.
Ransomware Recovery
Ransomware Groups
BEC Recovery
About Us
Blog
News
SOLACE CYBER LTD is registered in England & Wales no. 14028838

Solace Cyber
Twin Sails House,
W Quay Rd,
Poole, BH15 1JF
United Kingdom