How to Handle a Ransomware Situation at Your Company


Let’s say your company has been infected with ransomware.

Your systems are down, you can’t access your data, and you’ve received an email notifying you that you have X amount of time to pay X amount of dollars or bitcoin.

And if you don’t pay up in the specified amount of time? The ransom increases.

Does your company have a plan for this type of situation right now? Do you if you’d pay or what action you would take?

If not, you should. Incidents of ransomware infections are increasing at a shocking rate. The cybercriminals who create these campaigns target everyone— from individuals and small organizations to large enterprises and even entire city-level governments.

So, what do the experts recommend companies do when they’re being ransomed? Are you supposed to pay up or refuse to pay and handle it on your own?

In the following article, we’ll dive deep into this issue and answer the most fundamental questions concerning how to respond after a ransomware infection at your business.

How to Handle a Ransomware Situation: Top Questions Answered

1. Should you pay the ransom?

For Jeff Locuson, Technician at NexgenTec, “The short answer is no.” In fact, no way, don’t pay is the resounding response from all cybersecurity and IT specialists who were asked.

Why not pay?

First of all, says Locuson, “Companies should be regularly backing up their data in order to avoid making a payout to ransomware attackers. Paying for data that is being held hostage only shows how ill-prepared and vulnerable your network and systems are.”

In other words, if you plan ahead and employ the right backup policies, the issue of whether or not you should pay the ransom will be obsolete. Bryan Ferrario of Alliance Tech Partners says to back up everything, including “data that resides on your PCs, servers, and in the cloud (including Office 365).”

Charles Lobert, VP of Sales and Marketing at Vision Computer Solutions, says to be diligent about making sure your backup plan meets your specific requirements: “Make sure it backs up within whatever threshold works for your business (though I recommend every 24 hours) so you don’t lose too much data and can restore in a faster timeframe.”

Phil Cardone of Radius Executive IT Solutions also notes that your company should, “Be proactive and [paying] professionals to ensure you backup your data.” In other words, mastering a streamlined backup policy should be left to the experts. Hire it out, and don’t try to do it yourself. Only the pros know how to adequately update and store backups so that they can’t be affected by possible ransomware and other malware. Ferrario agrees: “It is advisable to engage with an IT Managed Service provider to architect the best backup strategy for your organization.”

Cardone goes on to recommend being “diligent about testing the backups and your disaster recovery procedures.”

In addition to backing up, most experts stress the importance of training your staff in social engineering strategies employed by cyber criminals. “Staff training in cybersecurity is a must,” says Tektonic Inc.’s Jorge Rojas. “Most times a user clicks on a link or opens an attachment that triggers the attack.”

Planning ahead is clearly the key here.

Unfortunately, in some situations in which you do not have backups of your data, paying may be an option you could consider. Still, hiring a cybersecurity team even after you’ve been ransomed and attempting to have them find a fix should be your first line of defense.

If the team you hire can get you back online with your data, they will. Otherwise, they’ll present you with your best worst-case-scenario options — one of which may include paying the ransom. Ian Brady of Steadfast Solutions says, “We have paid only once. In the case it was a new customer that we hadn’t onboarded and there wasn’t any recovery option available.”

2. If you do have to pay, can you be assured you’ll get your data and files back?

Again, the short answer is no — unfortunately not.

While it may be an option you and your IT team entertain, paying a ransomware ransom is still no guarantee that you’ll get access to your systems or your data back.

Motz Technologies LLC’s Greg Motz says, “Even if a ransom was paid, it’s no guarantee that the data will be returned. There have been several high-profile cases where a ransom was paid and the hacker was never heard from again.” Again, “If you’re doing things properly,” Charles Lobert says, “you should never have to pay it.”

But let’s just say for the sake of argument that you’ve decided to pay and you want the best chance of actually getting back what you’re paying for. In this case, Ilan Sredni of Palindrome Consulting says that:

“One of the strategies that can be implanted is negotiating a return of data per server, so that you can prioritize what servers are retrieved first, should the negotiations break down before everything is restored.”

3. Will you become a bigger target if you pay?

The consensus among cyber experts is that, yes, you will become a bigger target for cyber criminals if you pay the ransom the first time.

Cybersecurity expert Don Baham says, “Paying the ransom most certainly emboldens cybercriminals to continue their effort to interrupt businesses of all sizes for the purpose of a large payout.”

Ransomware attacks are only expected to worsen and become more prevalent in the coming year. Any sized business may be at risk. Knowing what you would do if you became a target and planning your strategy now can help your business be adequately prepared.