Stay up to date with the latest technology trends delivered straight to your inbox every month.


How To Respond To A Ransomware Attack

bluegrass group

How To Respond To A Ransomware Attack

If your business was hit with a ransomware attack and you received a payment demand in return for your data, how would you respond? Would you pay up or risk losing everything?

Ransomware is a form of malware virus which gets into an IT network machine, activates and then works its way systematically through all the files encrypting them with strong encryption.

Once the files have been encrypted there is currently no way to decrypt them.

Ransomware attacks are on the rise. The BBC recently reported on two Freedom of Information requests carried out by two cyber security firms.  Their findings revealed ransomware attacks are a frequent occurrence in large UK institutions, including universities and the NHS.

However, it’s not just large businesses that are risk. All businesses are at threat from cyber crime and without adequate protection in place make easy targets.

What To Do If You’re Hit With A Ransomware Attack

If you have an IT support provider call them immediately.

These are the steps we take following a ransomware attack:

  1. Immediately disconnect all network shares to slow down/stop the progress of the encryption.
  2. If we can identify which PC the virus originated from we take that device off the network. This is to stop the progress and replication of the ransomware virus, which can copy itself to other network computers.
  3. Run antimalware on all suspected computers to get rid of the virus and stop any processes using a large amount of memory.
  4. Check startup services to make sure they’re correct to prevent the virus from restarting itself.
  5. Once we’ve confirmed that no more files are being encrypted we start the restores and put the network shares back in place.

Currently, there is no way to crack the encryption key and decrypt the files. Restoring from a backup is the only option.

Should You Pay The Ransom?

The sensible advice from the police is not to pay the ransom.  However, if you do not have a full and reliable backup system that can cope with recovering the data then you may have no option.

Most cyber criminals take the ransom, return the data and then move on to their next victim.

We don’t condone the reward of criminal behaviour but the damage to your business caused by lost data could be catastrophic.

How To Prevent Ransomware Attacks

There are several ransomware protection tools available on the market. However, a good backup system is becoming critical for resolving ransomware attacks.

Backups are vital for business recovery and minimising business downtime in the event of a ransomware attack. If cyber criminals pull the plug you can recover your data in full without too much disruption and downtime to your business.

Without a full and efficient back up system it can take days or even weeks to restore data after a ransomware attack.

The Best Form Of Data Backup

Tape backups are now too slow and cumbersome for ransomware recovery.

We recommend a cloud backup solution, which means your data can be quickly restored to your business in the event of a cyber attack.

Cloud backup also provides the additional security that in the event of a disaster or IT failure your data is protected and can be recovered.

For help and advice regarding any aspect of your IT security, please contact our cyber security team via email at or by phone on 01392 207194.


Complete the form and one of our team will be in touch.

Or view our calendar and book a call when it suits you.Book Date

If you want to speak to someone today, give our team a call on 01392 796 779. We'd be delighted to help.

Find out more about our IT support packages

To speak to us today simply call 01392 796 779
or complete the form below

Please enable JavaScript in your browser to complete this form.