With the ease of internet access, ransomware has become one of the major threats to businesses, including big companies. When the malware attacks, it encrypts your important data so that you can’t access it unless you pay the ransom. The hacker expects you to pay the amount of money they specify in exchange for the decryption key. Ransomware can cripple a business, and the consequences are fatal. So, if you find yourself a victim of ransomware, here are the first steps you need to take.

Locate and Isolate

The first and foremost thing you should do is locate the infected files and isolate them from the rest. Determine the extent of the infection and how far the virus has spread. Disconnect all the infected computers from the network so that you can deal with them. However, if the infection has spread across the entire network, you might have to shut everything down to avoid further spread. Quickly determine the magnitude of the infection, since this will help you decide which actions to take.

While doing this, avoid using traceable means of communication, since the hackers will be monitoring you to see if you have discovered the malware and are taking precautions. Using inbound communication will tip off the attacker and could prompt the release of more ransomware before you go offline.
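One way to estimate how far encryption has spread on a single machine, as an added example that is not part of the original article: a read-only sweep that flags files whose first bytes look like random data. The 7.5 bits-per-byte threshold, the list of compressed-format signatures, and the sample file names are assumptions made for this sketch.

```python
import math
import os
import tempfile
from collections import Counter

# Signatures of formats that are normally high-entropy (assumed, not exhaustive).
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"\x89PNG", b"\xff\xd8\xff", b"%PDF")
ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off for this example
SAMPLE_BYTES = 4096       # only the head of each file is read


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, 8.0 maximum)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def scan_tree(root: str) -> dict:
    """Read-only walk of root; return {directory: [suspect file names]}."""
    suspects = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    head = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable or locked file: skip, keep sweeping
            if head.startswith(COMPRESSED_MAGIC):
                continue  # compressed formats are expected to look random
            if len(head) >= 256 and shannon_entropy(head) > ENTROPY_THRESHOLD:
                suspects.setdefault(dirpath, []).append(name)
    return suspects


def build_sample_tree(root: str) -> None:
    # Constructed sample data; the random blob stands in for an encrypted file.
    os.makedirs(os.path.join(root, "finance"))
    samples = {"notes.txt": b"quarterly report draft\n" * 200,
               "archive.zip": b"PK\x03\x04" + os.urandom(4096),
               os.path.join("finance", "ledger.xlsx"): os.urandom(4096)}
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_tree(tmp))
```

High entropy is only a heuristic, so treat the per-directory counts as a rough map of where to look first. Run it against a disk image or a read-only mount so the evidence stays intact.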

Report the Attack

Isolating the infected machines will prevent further spread. However, you need to keep everything else intact and report the attack to the authorities. Agencies like CISA may need some of the information to carry out their investigation. The agency may require a sample of the malware, images of the infected system, and the ransom amount. They may also request the wallet used by the attacker and copies of the communication between your business and the attacker. This information could be useful in leading the investigators to the attacker.

Format and Restore

After isolating the infected computers, it’s time to deal with them individually. If the authorities will not need them during their investigation, you can clean the drives and restore the data if you had a backup. Make sure that the data you backed up is clean before restoring it to the drives. If your data was not backed up, you will have to decrypt the encrypted files. Make sure you keep the encrypted files since the attacker could come back.

No matter the situation, don’t pay the ransom. If you do, you will be funding more criminal activity, and worst of all, your data may not be decrypted even after you pay. Paying up will also encourage the criminals to continue with their malicious attacks. Generally, get used to the fact that the data is already public and know how you will deal with it.

Call the Experts

Remember that ransomware will affect your operations and financial situation. It can also go as far as destroying your reputation and exposing your business secrets to your rivals. You may also lose company value should the attacker trade it publicly. So, if you don’t know how to act fast, consider getting a cyberattack response team. Most of these people help companies deal with malware attacks. The experts will investigate the source of the ransomware and remove it as soon as possible.

Inform your Customers

To avoid losing your good reputation and being held liable, you must inform all the stakeholders and investors about the ransomware attack. You will be liable if you fail to disclose this information as soon as it happens. You could lose your existing customers, but don’t worry, you will be able to recover soon. The important thing is to let them know so that you avoid more damage. If your customers’ data is stolen and used for the wrong reasons, your business may be held liable for any damages the client incurs. So, inform them early enough and remember all is not lost.


After the devastating ransomware experience, you won’t want to deal with another one. Take any measures that will help you prevent an attack in the future. Install a firewall and encrypt your network so that attackers cannot intercept it. You also need to train employees on cybersecurity measures. Taking these measures is not a 100% guarantee that you can’t be attacked. However, they prepare you for what to do should anything go wrong.