6 September 2024

Do’s And Don’ts If You Have Been Hit By A Ransomware Attack

Experiencing a ransomware attack is panic-inducing, as it frequently has serious consequences for businesses. However, by panicking you can make the situation worse. So, as hard as it is, you should remain calm and try not to panic if you have received a ransom note or suspect a ransomware attack is currently happening.

Should you suspect that you are being attacked by one of the ransomware groups, there are a number of do’s and don’ts you should follow to ensure the best possible chance of ransomware recovery.

Solace Cyber are ransomware recovery specialists. With teams across the UK, we have helped many businesses prevent the spread of an attack and minimalise the damage. In our time doing this, we have seen a range of reactions and their impacts, building up knowledge of what should and shouldn’t be done in the ever-growing landscape of malware attacks.

In this blog, we share the do's and don'ts when reacting to a ransomware attack that will allow you the best chance to recover.

cyber security firewall

Do - Block Connections

As soon as you receive the ransom note or suspect an attack, disconnect devices for the system and block connections as soon as possible.

This will stop the attack from being able to spread, containing it to the area already breached.

The best way to go about this is to block connections at the following locations:

  • External firewall (to prevent any internet traffic and to keep the attackers out)
  • Business-critical servers
  • Any asset with indications of ransomware
  • On-premise backup solutions

Don't - Turn Off Servers

While it might be tempting to switch off all your servers immediately, this is something you should hold off on to begin with.

Before you turn them off, you will need to ascertain whether they have been affected by the ransomware.

Ransomware attacks often live in the computer's live memory, and this can be valuable information for recovery teams as it can inform them of the breach details and help them map out an action plan.

The information stored in the live memory is valuable digital evidence, which the team at Solace Cyber can handle appropriately. In retaining this data and employing a Digital Forensic Incident Response team, you could gain usable evidence for criminal trials or insurance claims.

Should you restart or reboot your computers and servers you are likely to wipe the live memory. Therefore, removing any evidence of the attack and leaving the implications.

Instead of switching servers off, simply disconnect them and isolate them from networks and devices to prevent the attack from spreading.

Do - Verify State of Business-critical System Backups

Ransomware attackers will work to remove any backups you have online as they believe this gives them the best chance of getting paid - you can’t recover your data if you don’t have backups, so you may be more likely to pay the ransom fee.

Once your systems are isolated, take a look at your backups to see if they have been breached or deleted. If possible, make copies of these offline so that the attackers are unable to get to the data as the attack spreads.

Do - Contact Your Legal Teams

In the EU and UK, we follow GDPR rules that ensure people’s privacy and data are respected. A ransomware attack breaches these regulations as the data that attackers get hold of often includes personal data.

Because of this, there are legal implications for these attacks, so you must notify your legal team as soon as possible so that they can guide you through the legal considerations throughout the recovery process.

data backup
cyber security expert

Don't - Attempt To Resolve The Problem

It might be tempting to try and clean up the ransomware attack on your own, keeping it in-house to minimise word getting out. However, ransomware attacks are complex and are likely to find hiding places within your system that you don’t consider or touch. Trying to resolve the issue yourself leaves you susceptible to other attacks in the future.

This also includes paying the ransom without consulting professionals. Often, the promise of returning your data on payment of the ransom is false, meaning you lose significant amounts of money as well as your data.

Do - Reach Out To A Professionals Team

A professional team, such as Solace Cyber, will implement a thorough recovery plan, not only preventing the spread of the attack but also investigating the source of the attack, eliminating the root problem and implementing prevention methods for future attacks.

Moreover, Digital Forensic Incident Response teams can resolve the attack while maintaining key evidence of the attack that can be used in a criminal court case or insurance claim.

The professional recovery process is thorough, ensuring that we get to the root cause of the attack and remove it completely to reduce the chances of another attack.

Contact Solace Cyber

If you think you are experiencing a cyber attack, don’t hesitate to get in touch with our specialists.

A quick response is imperative, and we have several teams around the country, allowing us to provide on-site ransomware recovery wherever you are.

We have a six-step process that follows a logical set of stages to identify and react to the attack, and with our complementary risk mitigation technologies and 24/7 Security Operation Centre (SOC) services, you can be confident that we will have our eyes on all situations and developments.

Call us today on 01202 308818.

Request a callback

Solace Cyber, part of Solace Global, helps companies across the UK recover from ransomware attacks and data breaches.

Risk
Offshore
Cyber
Intelligence & Reports
Case Studies

Solace Cyber Limited is registered in England & Wales no. 14028838

Solace Global

Twin Sails House,
W Quay Rd,
Poole, BH15 1JF
United Kingdom

Telephone

Please note that calls may be recorded for security and training purposes.