The 6-Step Ransomware Response Plan

In the past year, ransomware has become one of the biggest threats to businesses across the globe. If you are not familiar with ransomware, it is a type of malware that locks users out of their computers or encrypts their files until a ransom is paid. Unfortunately, many businesses have fallen victim to ransomware attacks and have had to pay large sums of money to get their data back. This blog post will outline a six-step ransomware response plan that will help you protect your business from these attacks.

Step One: Disconnect Everything

First things first, you need to disconnect everything as quickly as possible. This includes computers, servers, phones, and any other devices that may be infected. By disconnecting everything, you can help reduce the chances of the ransomware spreading to other devices.

Step Two: Assess the Damage

Once you have disconnected everything, it is time to assess the damage. This includes figuring out what files have been encrypted or locked and determining the extent of the infection.

Step Three: Was Anything Stolen?

Another thing you need to figure out is if anything was stolen during the attack. This includes sensitive data, financial information, and any other confidential information.

Step Four: Identify What Ransomware is Used

In order to effectively respond to a ransomware attack, you need to identify what ransomware is being used. This includes knowing the name of the ransomware and any specific characteristics that make it unique.

There are plenty of ways you can do this, whether you’re literally looking it up online, searching for symptoms, using software to identify it, or enlisting the help of a professional malware/ransomware service, such as cyber security Perth.

Step Five: Understand Your Options

Depending on the steps above, it’s now time to address the issue, and this means looking at all your options and deciding what’s best for you. Some of your options include:

Restoring from a previous backup: It’s possible to reset everything. As long as your backup files are intact and aren’t affected by the ransomware, you can simply delete everything and restore from the earlier backup. However, while effective, this can take a huge amount of time and may not be feasible if you’re dealing with terabytes of data.

You may also be able to restore from shadow copies of your data, but only if they’re available.

Use a Third-Party Decryption Service: Depending on what ransomware you’ve been infected by, you may be able to use a third-party decryption service online to help remove the ransomware from your system. Just make sure you’re using a reliable, trustworthy third-party supplier to get your software. It may help to use a professional service to ensure there are no issues.

Leave It Alone: While probably not the best approach, if you’re not really concerned about the ransomware, then you could just leave it be and move on. You could just reset your machines, fresh install all your software, and carry on as normal. If none of your files were infected, then this won’t cause any issues.

Pay the Ransom: Again, this isn’t really advised, but it is an option. If you have no options, then you may need to think about paying the ransom, but never do this without the help of a professional negotiator who can help you get the best outcome.

Remember, you can notify the authorities that you are under a ransomware attack, but if the criminals are operating on the other side of the world, then they can’t really do too much about it, which is why you need to be proactive in how you respond.

Step Six: Protect Yourself from Future Attacks

The final step is to protect yourself from future attacks. This includes implementing security measures that will help keep your business safe from ransomware and other malware threats.

The sad truth is that many ransomware victims will be attacked more than once because the criminals know they can make the software work within your business. The best thing to do is to adopt a multi-layered strategy.

This means taking regular back-ups of your business, both at a software and hardware level; training your staff and tech users to be aware of the issues to reduce the risk of contracting ransomware in the first place (such as being careful when opening files and having strong, unique passwords); and using state-of-the-art defenses, including firewalls, malware detection, anti-phishing measures, and so on.

The more defenses you have in place, the safer your business will be from the dangers of ransomware.
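The backup-restore option in Step Five only works if the backup is intact, and the regular back-ups recommended here are where you can prepare for that check. The script below is an added illustration, not part of the original post. It records a SHA-256 manifest when a backup is written and compares the backup against it before you wipe anything. The file names and the tampering scenario are constructed, and it assumes the manifest is kept somewhere the attacker cannot reach.

```python
import hashlib, os, tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so multi-gigabyte backups do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def verify_backup(root, manifest):
    """Compare a backup with the manifest recorded when it was written."""
    now = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in now and now[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in now),
        "unexpected": sorted(p for p in now if p not in manifest),
    }

def write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)

def constructed_demo(root):
    """Constructed scenario: record a manifest, then tamper with the backup."""
    write(root, "ledger.csv", b"id,amount\n1,100\n")
    write(root, "staff.txt", b"constructed staff list\n")
    manifest = build_manifest(root)  # assumption: stored offline, away from the backup
    before = verify_backup(root, manifest)
    write(root, "ledger.csv", b"\x00constructed scrambled bytes")
    os.remove(os.path.join(root, "staff.txt"))
    write(root, "RECOVER_FILES.txt", b"constructed note\n")
    return before, verify_backup(root, manifest)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(constructed_demo(tmp))
```

Restore only from a backup whose three lists all come back empty.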


As you can see, when faced with a ransomware attack, the most important thing you need to do is act fast and efficiently. The trick is to be as proactive as possible to reduce damage, protect your business and reputation, and patch the problems, so you don’t fall victim again.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, she was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.