TMCnet Feature
June 08, 2022

What to do if You've Been Hit by Ransomware

If you’ve been targeted by ransomware, you'll know right away.

You may be unable to get access to some of your important files — or maybe even entire systems.

You may sense that something is off when the time it takes to access a document is longer than usual. Then you get a notification that sends the shivers down your spine.

Hackers have left a note that says your data can’t access and is encrypted. To obtain access to your information and files, you have to pay a ransom in their desired cryptocurrency.

What should you do if you’re a victim of ransomware, and how can you prevent such an attack in the future?

Assess the Situation

The first step is to evaluate the damage caused by the ransomware. Determine how many files have been encrypted and whether they fall into the category of essential and sensitive documents.

Once you discover the parts of the system that have been hit by ransomware, isolate them and take the network or affected devices offline.

The exact steps will depend on whether multiple systems have been targeted or only a couple of devices.

Keep in mind that the hackers are listening to your organization to discover if you've already taken the steps to mitigate the issue. Ready yourself for out-of-band communication when discussing the issue with your team.

Consult your IT teams that are responsible for responding to such incidents, cybersecurity companies, stakeholders, and federal law enforcement. They’ll have an idea of what the next steps should be and how to respond to cyber threats from hackers.

Instead of Paying the Ransom, Report the Crime

Many businesses and even government organizations have succumbed to the demands of cybercriminals. They’ve paid the price hackers requested to “make the issue go away”.

Some of the reasons that victims consider this option include:

  • The fear of your clients and customers finding out about the breach of their data
  • The inability to resume working without the encrypted files
  • The financial strain of the recovery after the attack

However, paying the ransom won’t necessarily solve the problem. In fact, you can still be targeted with ransomware, even if you do pay — at least as long as there are vulnerabilities that can be exploited by hackers.

Also, cybercriminals may not keep their word about giving you the key to your documents, either. They are criminals, after all, so your files might stay encrypted and unavailable long-term.

Another reason it’s not a good idea to pay the ransom is that this could be perceived as financially supporting criminal activity.

Instead of paying the ransom, contact the government to report the crime to authorities. The FBI, the U.S. Secret Service, and CISA are agencies that deal with this type of cybercrime. You can report the ransomware to one of the three and all the rest will be notified as well. 

Recovering From a Ransomware Attack

Analysis of the documentation after an attack with your teams will help you understand what happened and how to prevent similar incidents in the future.

Following assessment of the damage, it’s crucial to find and patch up any flaws that are within your system. This step is essential because it can remove the target from your back — prevent repeated ransomware on your system.

Analysis of the attack will show how hackers managed to get into your system to inject malware. Fix these weaknesses to prevent further attacks.

Preventing Future Ransomware Attacks

If you prepare for the next possible ransom attack, it can not only decrease the cost, but also minimize the impact in case you get targeted once more.

What can you do to prevent malware from infecting your system?

Have the tools that scan for this type of malware and that can mitigate and remove it if it tries to enter your system. Anti-malware can detect and remove known variants of this virus.

Even though they’re under the same name because they function on similar principles, ransom attacks that use malware are different depending on the attacker.

Behind the attack might be someone who found malware online or savvy hackers that know how to change the code to find weakness in your system.

Introduce employee training that warns them not to open any emails from an unknown senders, click the links in the body of the message, or download attached files.

Ransomware is malware that finds its way to the computer, mostly via phishing emails that contain this virus. While most of them will be filtered out via the built-in security of your email provider, some of them can still find their way straight to your employee’s inbox.

The second likely route via which an attacker could get into your system to infect it with malware is with stolen employee credentials. Ensure that your employees use strong passwords when logging into your system.

Most hackers will get access to passwords and employee emails if they find them leaked online. Check if there is leaked corporate intelligence of your company on the internet.

Finally, create backups of all the important files. This allows you to continue working even if your files get encrypted by ransomware.

True, more sophisticated types of ransomware also target backup files and remove them from your system. Make regular checkups and test the security of your documents.


Ransomware is an attack that has constantly been on the rise since 2017 — the year hackers figured out they can turn a profit by encrypting files.

The number of ransomware attacks is also on the rise ever since the beginning of the pandemic, leaving many organizations susceptible to cyberattacks.

If you haven’t been the victim of such an attack, it’s likely only a matter of time before hackers find the vulnerability they can use to exploit your system and inject the malware that encrypts files.

If you have been targeted with this damaging virus, report the incident and take the steps to avoid this kind of attack in the future.

» More TMCnet Feature Articles


» More TMCnet Feature Articles