
A Complete Guide to Handling Ransomware Attacks for Businesses

Let me ask you a cybersecurity-related question.


What would you do if your laptop got hit with a ransomware attack? How would you react, and what would the impact of it be on you and your business?


How would you handle the ransomware cyber attack or data breach, and who would you contact? Do you have a ransomware incident response plan? Do you have an overarching cybersecurity strategy for your entire business?


If your answers to the above questions were all Yes, WELL DONE! You are part of the 14% of businesses that take their cybersecurity seriously.


If you answered No to a few (or all) of them, don’t panic! You have arrived at the right place. In this blog, I will go through what ransomware is, why you need to be aware of it, what you need to do about it and how you can keep your company cyber secure.


By the time you finish this article, I want to have either had a call from you to ask how we can help further, OR I want you to address some (ideally all) of the things highlighted in this blog post.


Ready? Let’s go!


What Is Ransomware?

Ransomware is a form of malicious code/software which, when executed, encrypts all your data, making it impossible to access or read. The attacker (or creator of the ransomware) would request a payment to be made (usually in bitcoin) before they will release a decryption key. Without this decryption key, your data would be inaccessible and useless on the infected devices.

When was Ransomware discovered?

Ransomware was first discovered in the late 1980s and early 1990s, although the early versions were relatively unsophisticated compared to today’s malware.


The first known ransomware attack, the AIDS Trojan, was detected in 1989 and spread via floppy disks. Since then, ransomware has evolved significantly, with more advanced encryption algorithms and distribution methods that make it much harder to detect and remove.


The proliferation of cryptocurrencies has also made it easier for cybercriminals to demand and receive ransom payments anonymously, fueling the growth of ransomware attacks in recent years.


What Is The Financial Impact Of Ransomware Attacks?

Ransomware attacks can cost your business its livelihood and existence and run into thousands, if not millions, of pounds.


How? Let’s look at the five key areas:


1. Paying the ransomware creators: Whilst this is never recommended, some companies have paid the ransom to obtain the decryption key. This figure can run into thousands of pounds and usually depends on how big your company is and what its turnover is.

2. Downtime: It is highly likely that once your business has had a ransomware attack, large parts of the network and servers will be switched off. This is usually to stop any further damage from occurring. Unfortunately, this means that the company’s employees will not be able to work and will lose time.

3. Backup and Recovery: The recovery process from a ransomware attack will require the IT team (and likely external partners) to work through what has happened and how to restore and recover services safely. This has a huge cost implication for the business.

4. Legal Implications: You may have to notify various entities about the cybersecurity attack, which will likely require investigations.

5. Reputation damage: A ransomware attack can make people not want to do business with your company anymore because they don’t trust the company to keep their information safe. This can result in lost business and long-term financial impacts.


How Does Ransomware Work?

Ransomware is often designed to bypass some standard detection engines. This means a user may not even know they have been infected until it’s too late.


Below is the most common order of events that a ransomware attack follows:



Step 1: A hacker sends an email with an attachment or a malicious link.


Step 2: The email would bypass the spam filter and arrive in the user’s mailbox.


Step 3: The user receives the malicious email, clicks a link, or downloads an attachment.


Step 4: The antivirus fails to block the threat.


Step 5: Malware XYZ.exe is delivered, and the software is executed on the user’s machine. This is the start of a successful attack.


Step 6: The user’s files are encrypted by the malware. This is now an infected computer.


Step 7: A ransom note typically asks for payment in untraceable bitcoin.


Step 8: Attackers move laterally across an organization to spread the virus and maximize the effectiveness of the attack.


If you get to step 8, it’s too late, and the damage is likely done. At this stage, it is about damage limitation and forensically trying to ascertain what has happened and what it has affected.



How To Prevent Your Business From Being Hit By Ransomware?

We want your business to be protected against all forms of ransomware.


To do this, we have shared eleven of the most critical things you need to do to reduce the risk of ransomware compromise:


Regularly back up essential data: Your recovery is only as good as your backups. Make sure you back up your sensitive data, copy it to another site and ensure the backup set is encrypted so only you can decrypt and recover it.


Keep software and operating systems up to date: Regularly update software and operating systems to patch vulnerabilities that a ransomware threat can exploit.


Use anti-virus software and firewalls: These tools can help detect and block a ransomware infection.


Train employees on how to identify and avoid ransomware: Provide regular training to your employees on how to identify and avoid phishing scams, suspicious emails, and attachments.


Limit user privileges: Limit the privileges of employees to prevent them from downloading and installing unauthorized software.


Use strong passwords and multi-factor authentication: A password alone is not secure. You must enable two-factor authentication, so there’s more than just a password securing access.


Implement network segmentation: Ransomware spreads through the network, so creating network segmentation with firewall restrictions will limit its spread across the company.


Conduct regular vulnerability assessments: All software and hardware have vulnerabilities. Performing weekly or monthly scans will identify issues which you can then resolve.


Develop a cyber incident response plan: Plan your response to ransomware attacks, including communication with employees, customers, and other stakeholders. During an attack, always ensure you report it.


Purchase cyber insurance: Consider purchasing cyber insurance to protect against losses from ransomware attacks.


Regularly test your backups and disaster recovery plan: Regularly test your backups and disaster recovery plan to ensure that you can quickly restore your systems if they are compromised by ransomware.


How Your Company Should Handle A Ransomware Attack

We want you never to experience a ransomware attack, which is very stressful. The impact on the business, employees and customers can be significant.


However, not being prepared is the worst thing you could do!

Here are nine critical actions you should be prepared to do:


Isolate the infection: When you detect the ransomware, isolate the infected system to prevent it from spreading to other systems on your network.


Notify key stakeholders: Notify critical stakeholders such as senior management, IT staff, and legal counsel about the attack.


Determine the scope of the attack: Identify which systems have been affected by the ransomware and assess the impact on your business operations.


Assess the ransom demand: Assess the ransom demand and determine whether paying the ransom is feasible, considering the potential risks and benefits.


Contact law enforcement: Report the attack to law enforcement to assist with the investigation and potentially recover your data.


Restore from backup: If you have backups of your data, restore your systems from the backups to recover your data and minimize downtime.


Implement additional security measures: Implement additional security measures to prevent future attacks, such as upgrading your security software, improving employee training on cybersecurity best practices, and conducting regular vulnerability assessments.


Communicate with stakeholders: Communicate with customers, employees, and partners about the attack and its impact on your business operations.


Password resets: Reset all/any critical administrator passwords that could have been compromised. It is generally best practice to do this in any event.


It’s important to note that paying the ransom is not recommended as it encourages attackers and does not guarantee the safe return of your data.


By following these steps and implementing additional security measures, you can help prevent future ransomware attacks and minimize the impact of any attacks that do occur.
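To make the "Determine the scope of the attack" step concrete, here is an added example (not part of the original article) that sweeps a file share and lists files whose contents look encrypted, grouped by folder. The entropy threshold, the list of naturally compressed extensions and all function names are assumptions to tune for your own environment.

```python
import math
import os
from collections import Counter

# Formats that are compressed by design and so look random even when healthy.
# Assumption: tune this set to the file types your business actually stores.
COMPRESSED_EXTS = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4", ".pdf", ".docx", ".xlsx"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; assumption, encrypted data sits close to 8.0
SAMPLE_BYTES = 65536      # read only the head of each file to keep the sweep fast
MIN_BYTES = 1024          # tiny files give unreliable entropy estimates


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def looks_encrypted(path: str) -> bool:
    """True if the file head is near-random and the extension does not explain it."""
    ext = os.path.splitext(path)[1].lower()
    if ext in COMPRESSED_EXTS:
        return False
    try:
        with open(path, "rb") as fh:
            head = fh.read(SAMPLE_BYTES)
    except OSError:
        return False  # unreadable files are skipped, not flagged
    return len(head) >= MIN_BYTES and shannon_entropy(head) >= ENTROPY_THRESHOLD


def scope_by_folder(root: str) -> dict:
    """Walk root and return {folder: [suspect file names]} for triage."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        suspects = sorted(f for f in files if looks_encrypted(os.path.join(folder, f)))
        if suspects:
            report[folder] = suspects
    return report


if __name__ == "__main__":
    import sys
    for folder, names in scope_by_folder(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{folder}: {len(names)} suspect file(s), e.g. {names[0]}")
```

Run it from a clean machine against a read-only mount of the affected share. Files that were encrypted but kept a compressed extension such as .docx are not flagged by this check, so compare those against hashes from your last good backup.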


What are the most common types of ransomware attacks targeting businesses?

Here are nine of the most common types of ransomware attacks that target businesses:


WannaCry: This ransomware attack exploits a vulnerability in Microsoft Windows and spreads quickly across networks, encrypting files and demanding payment in exchange for the decryption key.


Petya: Similar to WannaCry, this ransomware attack also exploits a Windows vulnerability and spreads through networks, but it overwrites the master boot record (MBR) and demands payment for the decryption key.


Locky: This ransomware attack is spread through malicious email attachments and encrypts a victim’s files, demanding payment in exchange for the decryption key.


Cerber: This ransomware attack is spread through spam emails and encrypts files, while also threatening to publish stolen data if payment is not made.


Jigsaw: This ransomware attack encrypts files and threatens to delete them if the ransom is not paid. It also gradually deletes files over time if payment is not made.


CryptoLocker: This ransomware attack encrypts a victim’s files and demands payment for the decryption key, often spread through phishing emails.


SamSam: This ransomware attack targets vulnerabilities in servers and encrypts files, demanding payment for the decryption key.


GandCrab: This ransomware attack is spread through malicious email attachments and encrypts files, demanding payment in cryptocurrency for the decryption key.


Maze: This ransomware attack encrypts files and threatens to publicly release stolen data if payment is not made. It is often spread through phishing emails or by exploiting unpatched vulnerabilities.


Businesses need to take steps to protect against these common types of ransomware attacks, such as implementing strong security policies, regularly backing up data, and keeping software up to date.


Don't become a statistic! These ransomware statistics are worrying

Below are seven statistics courtesy of these guys:


1. Ransomware cost the world $20 billion in 2021, which is expected to rise to $265 billion by 2031. (Coveware, 2021)


2. The average fee requested for a ransom was $5,000 in 2018, but it increased to around $200,000 in 2020. (National Security Institute, 2021)


3. According to a survey, 66% of the responding organizations were affected by some ransomware attack in 2021. (Sophos, 2022)


4. So far in 2021, we’ve seen the largest ransomware payout, $40 million, made by an insurance company, setting a new world record. (Business Insider, 2021)


5. Ransomware attacks are so prevalent that experts estimate that in 2021, one will occur every 11 seconds. (Cybercrime Magazine, 2019) 


6. We are seeing a 600% increase in malicious emails since the start of COVID-19. (ABC News, 2021)


7. There were 236.1 million ransomware attacks worldwide in only the first half of 2022 (AAG, 2022).



Frequently Asked Questions - How Do I Respond To Ransomware

Is it ever a good idea to pay the ransom demanded by the attackers?

You should never pay the ransom demanded by the attackers. Experience has shown us that it leads to more cyber attacks on the company and its employees as the hackers share the vulnerability across the dark web.

How do ransomware attackers typically gain access to a business's systems?

Ransomware threats are usually in attachments or links in emails. Once a user clicks on them, a payload is downloaded and executed, which begins to wreak havoc on the device and network.

Can antivirus software prevent ransomware attacks?

Antivirus solutions such as SentinelOne can help prevent the payload of ransomware attacks and keep your devices and networks protected.



Ransomware attacks are on the rise, and they can cause significant damage to businesses.


Businesses must be prepared to handle ransomware attacks effectively to minimise the impact.


In this complete guide to handling ransomware attacks for businesses, we’ve outlined the steps your company should take if you’re targeted by a ransomware attack.


From isolating the infected system to restoring from backups and communicating with stakeholders, following these steps can help minimise damage and reduce the chances of paying the ransom.


By implementing additional security measures and regular employee training, businesses can significantly reduce the risk of falling victim to a ransomware attack.


If you need any help with your cybersecurity strategy or want to talk about this blog and have some questions, please feel free to contact us. We always offer a no-obligation chat and are always happy to help.