What to Do If You’re a Ransomware Victim

You’ll know if you’re a victim of ransomware. Often you’re met with a red screen telling you your business files are encrypted. You won’t be able to do anything on the computer, although the cybercriminals will provide helpful instructions for how to pay up. How nice. Here’s what to do instead if you’re the victim of a ransomware attack.

Cybersecurity Ventures predicts ransomware will impact businesses every 11 seconds in 2021. Yes, you read that right. That’s up from every 14 seconds in 2019. Another research company reported ransomware increasing 485% year-over-year in 2020.

Know that it’s widely considered a bad idea to pay the ransom, because you’re rewarding the cybercriminal. Plus, you can’t even be sure that they will provide the encryption key needed to regain the use of your files. What! You were going to trust the bad guys?

The Important First Step

The first thing you’ll want to do is make it all go away. Yet wishful thinking is not going to get the job done. Instead, you’re going to have to turn immediately to your disaster response plan, because, of course, you have one of those already. Really, don't underestimate the value of planning in advance for IT infrastructure compromise. Doing it proactively means calm, considered decisions rather than reacting in a crisis.

Step one is going to be identifying the systems involved and isolating them. Once you detect a compromise, limit the spread of infection by disconnecting the devices affected. Ideally, you take only a few computers offline or disconnect an individual network. Even in a large-scale compromise, remove all affected devices from the network to contain the malware.

As part of the isolation, don’t forget to disconnect any connected devices such as storage drives. The ransomware infection will even seek out USB thumb drives.

Power down only the affected devices if you are unable to disconnect them from the network. Why? Because turning them off means you might lose potential evidence.

Malicious actors may be monitoring your business communications. So, move offline to coordinate your response. Phone calls or text messaging will work, or personal email accounts.

Don’t attempt to restore critical systems until you have identified and isolated. After that, your business can move into triage mode. Prioritize what to restore, and recover using your data backup (again, of course, you have one of those, too). Consider how critical each system is for health and safety and revenue generation. Then, get to work restoring systems in an efficient, organized fashion.

Minimizing Ransomware Risk

Ransomware is a major threat to every business sector, and you don’t want to become the next victim. Common best practices include:

  • preventing an attack with anti-virus and anti-malware tools;
  • installing email filters to keep phishing emails from reaching your employees;
  • making frequent backups and keeping them separate from your network;
  • keeping up with ransomware and other cybersecurity threats.

Businesses that partner with a managed services provider have someone supporting their efforts to cut ransomware risk. Plus, if the worst happens, the MSP’s IT experts are at the ready to identify and isolate. They can find the samples needed, determine the malware strain you are dealing with, and report the attack.

Your data backup should have recent copies of all information up to (or close to) the time of infection. So, once the MSP has removed all ransomware, they will wipe your systems and storage devices. They can swiftly reformat the hard disks and reinstall everything from scratch.


An MSP can help you plan ahead to contain the damage from a cyberattack. Let our IT experts install best practices, set up safe backups, and track activity on your network. Contact us at: