29 August 2024

Emergency Response: What to Do If You Suspect a Ransomware Attack

It has become indisputable that businesses rely heavily on the internet and technology for their operations, with most businesses now moving away from paper and working entirely digitally. With this comes a higher risk of ransomware attacks and hacking. These data intrusions are becoming more frequent for commercial enterprises and can have severe consequences, leaving companies asking, "What should I do if I think we are experiencing a ransomware attack?"

Acting fast will significantly improve the likelihood of ransomware recovery for your business and reduce the impact. If you suspect a ransomware attack, there are several steps you should follow to give yourself the best chance of saving the data and minimising the ramifications of the breach.

Solace Cyber are experienced ransomware recovery experts who have assisted companies across a range of industries in the event of a cyber security incident or ransomware attack. In this blog, we detail what you should do if you suspect you are experiencing a malicious attack on your data.


How To Spot A Ransomware Attack

The list of ransomware groups is long, and it is getting longer as new groups emerge every day. Each group acts slightly differently. However, the signals of an attack are similar across them all, whether you are being attacked by LockBit 3, Odin, Black Basta or any of the other groups.

Signs of an attack include:

  • An increase in phishing attempts
  • Alerts for unauthorised access attempts
  • Virus protection alerts
  • Unusual or different file names or extensions
  • Computer performance issues

If you spot one or more of the above and suspect it is due to a ransomware attack, you should raise your concern with colleagues so that action can be taken.

Disconnect Infected Computers

As soon as you think you are experiencing a ransomware attack, you should disconnect the infected computer(s) or device(s) from the network. This should prevent the attack from spreading across the rest of the system and help to minimise the impact and operational downtime.

When doing this, you should also isolate any devices that you suspect have been breached.

You will need to take a systematic approach to detect which devices have been compromised.

Check for the following:

  • Ransom notes
  • Unusual file extensions
  • Unusual network activity
  • Malicious processes
  • Security alerts
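
Two of the checks above, ransom notes and unusual file extensions, can be partly automated. The following is an added example, not part of the original post or Solace Cyber's own tooling: a read-only Python script that walks a directory tree and flags a file name repeated across many folders (a likely ransom note) and an unfamiliar extension appended to high-entropy files. The allowlist, thresholds and sample file names are assumptions constructed for the example.

```python
import math
import os
from collections import Counter, defaultdict

# Assumed allowlist of extensions that are normal on this (hypothetical) share.
KNOWN_EXTS = {".docx", ".xlsx", ".pdf", ".txt", ".png", ".csv"}

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root, min_dirs=3, min_entropy=7.0):
    """Return (ransom_note_candidates, suspect_extension_counts) for a tree."""
    name_dirs = defaultdict(set)  # file name -> folders that contain it
    ext_hits = Counter()          # unknown extension -> high-entropy files
    for dirpath, _, files in os.walk(root):
        for name in files:
            name_dirs[name].add(dirpath)
            stem, ext = os.path.splitext(name.lower())
            inner = os.path.splitext(stem)[1]
            # A known extension followed by an unknown one (budget.xlsx.xyz)
            # with near-random content suggests an encrypted, renamed file.
            if ext not in KNOWN_EXTS and inner in KNOWN_EXTS:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    if entropy(fh.read(4096)) >= min_entropy:
                        ext_hits[ext] += 1
    # The same file name dropped into many folders is typical of a ransom note.
    notes = sorted(n for n, dirs in name_dirs.items() if len(dirs) >= min_dirs)
    return notes, dict(ext_hits)

def build_sample(root):
    """Constructed sample share: three folders, two with 'encrypted' files."""
    for folder in ("finance", "hr", "sales"):
        d = os.path.join(root, folder)
        os.makedirs(d)
        with open(os.path.join(d, "READ_ME_EXAMPLE.txt"), "w") as fh:
            fh.write("constructed placeholder note\n")
        locked = folder != "sales"
        name = "budget.xlsx.examplelock" if locked else "budget.xlsx.old"
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(os.urandom(4096) if locked else b"plain " * 600)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        print(triage(root))
```

Hits are leads for the responders rather than proof of compromise; the script only reads files, so it can be pointed at a mounted copy of a disk from a device that has already been isolated.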

Turn Everything Off

Once you have identified, isolated and disconnected the affected devices, power down all your other devices and systems.

This includes Wi-Fi connections, core network connections, all computers, laptops, phones and tablets.

Disconnecting everything will further prevent the spread of the malware.

Notify Your IT Department

Whether you have an internal or external IT department, you will need to notify them of your circumstances.

They will be able to start assessing the situation and working towards containing the attack.

Disable Automatic Back-Up Syncing

If you have a setting that enables the automatic backup syncing of files and systems, you need to disable it.

This will prevent the ransomware from getting access to and encrypting these files.

Notify An Incident Response Team

As soon as possible, you should contact a cybersecurity or Incident Response Team.

These professionals will be able to assess the damage, remove the ransomware and secure your systems ready for normal operations to resume.


Contact Our Experts

If you think you are experiencing a ransomware attack, trust our experts to help you.

Our professionals have years of experience in cyber security and understand the importance of swift action when it comes to ransomware attacks and recovery.

We have various teams across the country that allow us to provide national coverage, so no matter where you are based, we will be able to provide a team to work on-site alongside you. We always aim to be at your location on the same day as your call so that actions can be taken as soon as possible to minimise the consequences of the attack.

Our six-step process is thorough: it completely eliminates the malware and prevents its spread.

  1. Onboarding - We assess the situation and create an action plan
  2. Analyse - We identify vulnerabilities, attack vectors, data loss, and system impacts
  3. Contain - We isolate and eliminate malicious elements
  4. Remediate - We remove the root cause of the attack to prevent another attack
  5. Recover - We restore your system, implementing backups where possible
  6. Reporting - We write a report detailing the incident and reactions

Our teams are unique as they are Digital Forensic Response Teams, meaning that they handle data appropriately and in a manner that can be used as evidence in criminal court cases or insurance claims.

When using us, you will have access to complementary risk mitigation technologies and 24/7 Security Operation Centre (SOC) services, so you can be confident that we are monitoring and responding to all risks during the recovery process.

Solace Cyber is recognised by the NCSC as an Assured Service Provider and holds a number of ISO accreditations. These prove our dedication and track record for efficient and effective ransomware recovery.

Don’t wait for the situation to get worse. Get in touch with our team today. Call us on 01202 308818 or complete our online contact form for a complimentary consultation.


Solace Cyber, part of Solace Global, helps companies across the UK recover from ransomware attacks and data breaches.


Solace Cyber Limited is registered in England & Wales no. 14028838

Solace Global

Twin Sails House,
W Quay Rd,
Poole, BH15 1JF
United Kingdom
