Home Uncategorized What To Do If Ransomware Attacks Your Small Business

What To Do If Ransomware Attacks Your Small Business


So you’ve taken months or years to build a seamless and sophisticated technology environment for your business. Virtually everything works as well as you expect it to, and your systems are facilitating your teams realizing your business goals. Then you arrive at work one morning, and all your mission-critical systems have vanished or are inaccessible. 

All you are met with is a screen demanding that you pay a fixed ransom via cryptocurrency if you want to get your systems back. The money demanded is often not small change, so you may not even be able to afford to pay the ransom. But even worse is that paying the ransom doesn’t guarantee the hacker will follow through on their promise. Yet, your business remains on its knees for as long as your systems and data remain unreachable. 

This is a scenario that a growing number of organizations are faced with. Unlike other forms of cyberattacks, ransomware hits the business financially both directly and indirectly. The business is asked to pay money for their data to be decrypted but also loses revenue in the form of lost customers and transactions for as long as their systems and data remain unavailable. 

Your business could be the next victim of a ransomware attack. It’s important that you prepare beforehand by knowing what you need to do. We share some practical tips below.

Get Authorities Involved

A ransomware attack is a criminal act. It’s simply an extortion racket conducted entirely on the Internet. As such, one of the first things you need to do is notify law enforcement. The Federal Bureau of Investigations (FBI) has an Internet Crime Complaint Center where you can lodge the details of the attack. 

It helps if you can provide evidence such as a photo of the ransom screen or any communication you receive from the attacker. By getting law enforcement involved, you set in motion one crucial (and free) cog of your problem resolution efforts.

Notify Customers

This is one of the hardest decisions you have to make following a ransomware attack. You’ll have legitimate fears over whether your customers will understand and bear with you. And there’s in fact no guarantee that they’ll not immediately opt to take their business elsewhere. 

Despite this risk though, letting your customers know is something you should do. Not only is it required by industry regulations, but it’s also better for them to learn about it from you as opposed to from a third party. It’s a sign that you are aware of the situation and are doing everything possible to resolve it.

Procure New Solutions or Upgrade Existing Ones

Following a successful ransomware attack, take a step back and ask whether your existing security systems are adequate. Perhaps your antivirus programs weren’t up-to-date. Maybe your servers aren’t patched. 

It could also be that your current system of firewalls, intrusion prevention systems, antimalware, and other security tools isn’t sufficient to deal with the threat. You may want to start searching for a new solution that delivers a higher degree of ransomware protection. 

Back up Important Data

You can protect your information from ransomware by maintaining a backup. Hard copy backups would be great as these would ensure they are completely out of reach. However, the enormous volume of data the average organization handles today means hard copies would be impractical. 

A more realistic approach would be to have an automated  backup (preferably cloud backup solutions for small business) that you could revert to and use to resume operations as you wait for the problems in your production environment to be resolved.

Monitor and Train Employees

Ransomware will often exploit the action or inaction of an authorized user in order to deploy successfully or spread. Your employees must, therefore, understand their role in preventing or containing a ransomware attack. That is best achieved by having training and awareness sessions before, during, and after an attack. 

Training may include instructions on how to identify and avoid high-risk sites, the escalation procedures to follow if they suspect an attack is in progress, and how they can continue to execute their role as they wait for the main system to be restored.

No two ransomware attacks are identical. Nevertheless, the principle and technique is the same across the board. By applying these tips, your business has a better shot at emerging from a ransomware incident virtually unscathed.