What to do in the event of a ransomware attack?

Among the many cyberthreats out there, there’s one to be taken particularly seriously: the ransomware attack. This involves holding one or more computer users hostage by encrypting and blocking their data until a ransom is paid.

What needs to be done quickly?

If you are unfortunately affected by such an attack, what steps can you take quickly to limit the damage and financial losses?

Just before disconnecting your computer equipment to avoid and/or reduce the spread of the virus, be sure to relate the chronology of events as precisely as possible, with as many details as possible: date, time, identity of persons, description and characteristics of events…

Immediately after becoming aware of a ransomware attack, it is therefore essential toisolate infected equipment by disconnecting it very quickly. Think wireless connections, too! The idea is to immediately block all connections to and from the Internet.

Next, you’ll need to put the infected device(s) into extended standby mode, so as to retain the memory of the attack, its characteristics and so on, in order to deal with it as effectively as possible. During this period, it is essential to leave equipment switched off and not to use removable storage media.

In the event of a decryption key being found for this particular attack, keeping the attack history and encrypted data will make it easier to recover the data.

Creation of a crisis unit

In addition, we recommend setting up a crisis unit to deal with the attack and its consequences in terms of the dysfunctions caused, particularly in a company forced to cease operations via the Internet. The aim is to develop internal and external communication strategies for the company targeted by the attack, including the implementation of legal proceedings. The help of the Data Protection Officer will be invaluable in identifying and notifying those whose data has potentially been breached.

It’s also important that individuals and companies who have suffered a ransomware attack should be able to turn to specialist service providers to help them deal with the resulting problems. Individuals and small businesses can use the cybermalveillance.gouv.fr platform.

In any case, it’s strongly recommended not to pay the ransom: on the one hand, you can’t be sure of recovering your data, and on the other, you’re perpetuating a system that motivates crooks to continue their hacking activities.

Filing a complaint following piracy

Finally, you should file a complaint with the gendarmerie or the police. The chronology of events that the victim has drawn up in advance will prove particularly valuable.

By filing a complaint, an investigation can be launched to discover the key to decrypting the data held hostage. It also opens up the possibility of compensation if the perpetrators are caught.

In response to the upsurge in cyber-attacks, the French Ministry of the Interior plans to open an online complaints platform called THESEE in the near future.

The guide: ” Ransomware attacks, everyone concerned “published by ANSSI, details the measures and precautions to take in the event of an attack.

Test Altospam’s solutions!

Thousands of companies, CTOs, CIOs, CISOs and IT managers already trust us to protect their e-mail against phishing, spear phishing, ransomware, …