How to Respond and Report Ransomware Attacks

Report Ransomware Attacks

How to Respond and Report to a Ransomware Attack

If you are asking yourself how to respond and report ransomware attacks, our sincere condolences.  This will be a stressful time.  These tips will help you prevent additional unnecessary strain on business operations.

Before you go ‘guns blazing’ to respond to a Ransomware incident, review the following checklist to make sure you do not make the situation worse than it already is; remember, this is and needs to be a well thought out process.

Important: Disconnect all infected machines from the internet and then perform the following steps.

Situation Analysis

You believed you had protection. You’ve heard about this occurrence with other businesses, but you never anticipated it happening to you. Ransomware attacks frequently strike when you least expect it, precisely when it benefits the cyber criminal the most. In numerous instances, your system had been compromised well in advance.

Remember, cyber criminals aim to coerce you into paying their ransom. They have often infiltrated your system long ago, erased backups, evaded controls, and deliberately selected this precise moment to launch their attack. They wage cyber war and are resolute in their determination to emerge victorious.

1) Take a very deep breath and realize that it can take a few weeks to recover from a ransomware attack.

During this event, you will require the support of your employees, suppliers, and trusted partners. It is crucial to have allies by your side. Refrain from succumbing to the temptation of assigning blame or making impractical demands of those surrounding you.

In the majority of cases, the incident was a result of an internal employee clicking or opening a file attachment, and it is highly improbable that this was done intentionally. There will be an appropriate moment to review the details, extract valuable lessons, and implement preventive measures to avert such incidents in the future.  In this moment, keep your friends and partners close.

2) Contact your commercial insurance carrier.

Your insurer can guide you in the right direction. They have dealt with similar phone calls in the past. Take a few minutes to inform them about the challenges you are facing, and you might be pleasantly surprised to discover the resources they have available to assist you in responding to this significant incident.

3) Contact the FBI.

You were the victim of a crime. Take the time to contact your local FBI field office and ask them for assistance. This is why you pay taxes. You can also submit a tip online.  Additionally, it is recommended that you file a report with the FBI’s Internet Crime Complaint Center (IC3).

4) Discuss your backup situation with your Trusted IT Provider.

After a Ransomware attack occurs, the ONLY solution will be to restore from backups.  You will need to wipe clean the infected operating systems. Also, you need to take steps to harden the unaffected endpoints on your network.  As a result, the cyber criminals possess the exclusive key required to decrypt your files. While in very rare cases there is a decryptor available, unfortunately, decryptors do not have a good track record.

This is one reason backups become vital in the process of responding to a ransomware attack.  Understandably, the FBI does not like to see companies paying a ransom.  This encourages future criminal activity.  Also, there are cases where you still won’t be able to recover your files, or you are simply re-hacked after having paid.  Paying the ransom should be the absolute last step you take.  Talk to experts before you engage in discussions with cyber criminals.


These tips assume that your IT company is already engaged.  Specifically, do make the phone call to your insurer before anyone goes around running tools, wiping drives, and trying to quickly fix the situation.  Beyond unplugging your machines from the internet, do not start trying fixes before you’ve performed the above steps.

Keep in mind, hackers are already in your system.  How are they going to respond to seeing you actively trying to avoid paying them their ransom?  Disconnect from the internet wherever possible.  Make a few phone calls to experts who can assist in constructing a proper incident response plan.


Fizen™ is an Enterprise provider of IT Services. Please contact us directly if you have additional questions.