Ransomware Recovery: What to Do When Your LA Business Gets Hit

Getting that ransom note on your screen is one of the worst feelings a business owner can experience. We have walked several Los Angeles businesses through ransomware recovery and I want to share what we have learned so you know what to do if it ever happens to you.

The first few minutes after discovering ransomware are critical. What you do right now determines whether you lose a few hours of work or a few months of data.

Step One: Disconnect Everything

The second you realize ransomware is on your network, start unplugging Ethernet cables from computers and turning off Wi-Fi. Ransomware spreads fast across connected devices. The quicker you isolate infected machines, the less damage gets done.

Do not turn off the computers, though. Some ransomware encryption can be partially reversed if the machine stays on. Just disconnect them from the network.

Step Two: Call Your IT Team

If you have a managed IT provider, call them immediately. This is an all-hands situation. If you do not have an IT team, this is when you realize you should have had one. Finding help in the middle of a crisis is expensive and stressful.

Your IT team needs to assess the damage, figure out what type of ransomware you are dealing with, and determine how far it spread before you caught it.

Step Three: Check Your Backups

This is the moment of truth. If you have good backups that were not connected to your network when the ransomware hit, you can restore your data without paying the ransom. If your backups were on a network drive that also got encrypted, you have a much bigger problem.

This is exactly why we tell every client to keep at least one backup copy offsite or in the cloud with separate credentials. Ransomware cannot encrypt what it cannot reach.
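For the IT team doing the backup check in Step Three, here is an added example (not Falcon Pros tooling) of a quick triage pass over a backup copy before restoring from it. It flags files whose header no longer matches their extension, text files whose content looks random, and files with unrecognized extensions; the function names, the entropy threshold, and the sample files are assumptions made for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Leading bytes expected for a few common formats (Office files are ZIP containers).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".zip": b"PK", ".docx": b"PK", ".xlsx": b"PK"}
TEXT_EXTS = {".txt", ".csv", ".log"}  # plain text scores well below 8 bits per byte
ENTROPY_LIMIT = 7.5                   # assumed threshold, tune for your own data

def entropy(data):
    """Shannon entropy in bits per byte; empty input scores 0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage_backup(root):
    """Return {relative_path: reason} for files that look encrypted or renamed."""
    suspects = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            ext = os.path.splitext(name)[1].lower()
            with open(path, "rb") as fh:
                head = fh.read(65536)  # the first 64 KiB is enough for both checks
            if ext in MAGIC:
                reason = None if head.startswith(MAGIC[ext]) else "header does not match " + ext
            elif ext in TEXT_EXTS:
                reason = "near-random content" if entropy(head) > ENTROPY_LIMIT else None
            else:
                reason = "unrecognized extension, review by hand"
            if reason:
                suspects[os.path.relpath(path, root)] = reason
    return suspects

def build_sample(root):
    """Write constructed sample files: two healthy, three that should be flagged."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    files = {"report.pdf": b"%PDF-1.7\n" + b"x" * 200, "notes.txt": b"meeting notes\n" * 50,
             "invoice.pdf": noise, "ledger.csv": noise, "payroll.xlsx.locked": noise}
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, reason in sorted(triage_backup(tmp).items()):
            print(rel, "->", reason)
```

Run it from a clean machine against a read-only mount of the backup, and treat a clean result as a first screen only: it does not replace a test restore.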

Should You Pay the Ransom?

The FBI says no. We agree. Paying does not guarantee you will get your data back. Some ransomware gangs take the money and disappear. Others give you a decryption tool that only partially works. And paying makes you a target for future attacks because they know you will pay.

That said, we understand the desperation when your entire business is locked up and you do not have backups. This is a decision only you can make, but good preparation means you should never have to face it.

Preventing the Next Attack

After recovery, you need to figure out how the ransomware got in and close that hole. Usually it was a phishing email or an unpatched vulnerability. Strengthen your email security, update all software, improve your backup strategy, and train your employees.

Falcon Pros helps Los Angeles businesses recover from ransomware and build defenses to prevent future attacks. If you are currently dealing with ransomware or want to make sure you never have to, call (323) 441-6834 right now.