Maybe an employee clicked on a bad link. Maybe a manager downloaded a PDF from someone they thought they could trust. Whatever the case may be, your files are now encrypted and a hacker is demanding millions in payment for your information.
So what are you supposed to do now?
Contact Authorities
The first thing to do when you discover an attack is to contact law enforcement, as well as your current IT professionals.
Disconnect
Remove the infected computer from the network it’s currently on. Make sure to turn off Wi-Fi and Bluetooth, and unplug any external hard drives or USB drives. Do not touch any files or antivirus software; just leave those for now.
Extent of the Issue
You’ll need to know how much of your IT infrastructure was affected. If the original computer had access to any of the following, check each one for signs of encryption:
- Shared drives or folders
- Network storage
- External hard drives
- Thumb drives
- Cloud storage (Google Drive, Dropbox, etc.)
Consider the Strain
Some types of ransomware are costlier than others, or use different payment systems (e.g., Bitcoin). Knowing which version of ransomware you’ve come into contact with may help you resolve the issue sooner.
Respond Accordingly
Once you know what you’re up against, you have four options.
- Restore your files from a backup
- Decrypt your files via a third-party decryptor, which is unlikely to work
- Do nothing and lose your data
- Negotiate or try to pay the ransom