
    10 steps to take after a ransomware attack

    By Fiona Huang, May 8, 2024
    • Ransomware is a type of computer virus, also called malicious software or malware, that locks your computer and sends out a notification requesting payment to unlock your data.
    • Prevention is the best form of defence when it comes to ransomware.
    • There are 10 steps you can take after a ransomware attack, such as staying calm, taking a photo, reporting the attack, quarantining systems, securing backups and looking for decryption tools.

    Ransomware is a type of computer virus, also called malicious software or malware, that locks your computer and sends out an alert demanding payment for the return of your data. Cybercriminals typically target businesses and governments in hopes they’ll pay big bounties to release files and restore critical systems. But ransomware attacks happen to regular computer users as well.

    When it comes to ransomware, prevention is the best defence. You or your business may frequently find yourself in the middle of a ransomware attack if you don’t have strong preventative security measures in place.

    Here are 10 steps you should take following a ransomware attack.

    1. Stay calm

    When you are unable to access crucial files on your computer, it becomes challenging to maintain composure. However, the first thing to do after being infected with ransomware is to remain composed and calm.

    Most people don’t consider the seriousness of the situation before they hastily pay the ransom. Negotiations with the attacker may occasionally be possible if you remain composed and take a backseat.

    2. Take a photo of the ransomware message

    Remember that using ransomware is illegal. Indeed, hackers can still be prosecuted for felonies even if they spread ransomware and extract less than $1,000 from their victims. Before reporting an attack, take a picture of the ransomware message that appears on your device. This can be done with a smartphone, a camera, or, if practical, a screenshot.

    3. Report the ransomware

    If your company works with an external IT team or cybersecurity firm, alert them to the attack, so they can begin evaluating the extent of the damage. If your company has a ransomware insurance policy, contact your insurance provider to let them know what’s happened.

    Finally, report the attack to the FBI. You can contact your local FBI field office, which may be able to provide support with tracing how the attack occurred in the first place.

    4. Quarantine affected systems

    Disconnect the affected computer from your network. While the ransomware may have already infiltrated your network, isolating the attack reduces the likelihood that it spreads further or reaches your backups. This is especially true if you use cloud backups. Disconnecting the affected computer helps stop the ransomware in its tracks.

    5. Secure backups

    While backups play a crucial role in remediation, it’s important to remember that they are not immune to ransomware. To thwart recovery efforts, many modern ransomware strains will specifically target a company’s backups and try to encrypt, overwrite or delete them.

    In the event of a ransomware incident, organisations must secure their backups by disconnecting backup storage from the network or locking down access to backup systems until the infection is resolved.

    6. Disable maintenance tasks

    On impacted systems, organisations should immediately turn off automated maintenance tasks like log rotation and temporary file removal because they can tamper with files that forensics teams and investigators may need.

    File logs, for instance, could provide crucial hints about the original point of infection, and certain ransomware variants with weak programming might store crucial data—like encryption keys—in temporary files.
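As an added illustration of step 6 (not part of the original article), this read-only Python script lists the scheduled jobs on a Linux filesystem that would rotate logs or purge temporary files, so responders know what to switch off before it runs. The function names, the directory list and the sample tree are assumptions constructed for the example.

```python
import re
import tempfile
from pathlib import Path

# Directories (relative to the filesystem root) where Linux hosts schedule jobs.
SCHEDULE_DIRS = ["etc/cron.d", "etc/cron.hourly", "etc/cron.daily",
                 "etc/cron.weekly", "etc/systemd/system", "usr/lib/systemd/system"]
# Tools that rotate logs or purge temporary files (the tasks step 6 names).
MAINTENANCE = re.compile(r"\b(logrotate|tmpreaper|tmpwatch|systemd-tmpfiles)\b")

def find_maintenance_jobs(root):
    """Return sorted (relative_path, tool) pairs; read-only, so evidence is untouched."""
    root = Path(root)
    candidates = [root / "etc/crontab"]
    for d in SCHEDULE_DIRS:
        if (root / d).is_dir():
            candidates += sorted((root / d).iterdir())
    findings = set()
    for path in filter(Path.is_file, candidates):
        # Match on the file name (e.g. logrotate.timer) and on uncommented lines.
        lines = [path.name] + [
            ln for ln in path.read_text(errors="replace").splitlines()
            if not ln.lstrip().startswith("#")]
        for ln in lines:
            m = MAINTENANCE.search(ln)
            if m:
                findings.add((path.relative_to(root).as_posix(), m.group(1)))
    return sorted(findings)

def build_constructed_host():
    """Create a constructed sample tree standing in for an affected host."""
    root = Path(tempfile.mkdtemp(prefix="ir-sample-"))
    files = {
        "etc/crontab": "# m h dom mon dow user command\n25 6 * * * root run-parts /etc/cron.daily\n",
        "etc/cron.daily/logrotate": "#!/bin/sh\n/usr/sbin/logrotate /etc/logrotate.conf\n",
        "etc/cron.daily/backup-check": "#!/bin/sh\n# old: tmpwatch 240 /tmp\necho ok\n",
        "usr/lib/systemd/system/systemd-tmpfiles-clean.timer": "[Timer]\nOnUnitActiveSec=1d\n",
    }
    for rel, body in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body)
    return root

if __name__ == "__main__":
    for rel, tool in find_maintenance_jobs(build_constructed_host()):
        print(f"disable before it runs: {rel} ({tool})")
```

Because the function takes a root path, it can be pointed at a mounted disk image as well as at `/` on a live host.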

    7. Look for decryption tools in your antivirus software

    A decryption tool of some kind is included in good antivirus software to assist in removing ransomware without caving in to the demands of the hacker. Use your antivirus program to search for decryption tools. If your software isn’t working, try searching for a decryption tool online with a different device (a smartphone using cellular data is safe).

    8. Identify the attack variant

    You can use free tools like ID Ransomware and Emsisoft’s online ransomware identification tool to identify the type of ransomware.

    Users can upload a sample of the encrypted file, any ransom note that was left behind, and, if available, the attacker’s contact details using these services. The type of ransomware strain that has affected the user’s files can be determined by analysing this data.

    9. Reset passwords

    If a hacker manages to get access to your computer, they can also retrieve any passwords you store in your operating system keychain or web browser. After your operating system has been restored, proceed to change as many passwords as you can. Making each one distinct from the ones you used before the hack is also a good idea, as a hacker with access to your list of passwords will eventually be able to decipher your new ones.

    10. Decide whether to pay the ransom

    If backups are damaged and there is no appropriate decryption tool available, organisations may be tempted to pay the ransom to recover their files.

    While paying the ransom can help reduce disruption and may be cheaper than the overall cost of downtime, it is not a decision that should be taken lightly. Organisations should only consider paying the ransom if all other options have been exhausted and the loss of data will likely result in the company going out of business.

    A ransomware attack can happen at any time, so it’s important to know how to respond quickly if your organisation’s network is attacked. Alerting other parties to the attack and quickly isolating the affected part of your network is key to minimising damage. After a ransomware attack, it’s essential to fully audit your network to make sure the attackers have been removed, and that there’s no remaining ransomware.

    Fiona Huang

    Fiona Huang is an intern reporter at BTW media covering Fintech. She graduated from the University of Southampton. Send tips to f.huang@btw.media.
