Responding to a ransomware attack
Know what to do if your business experiences a ransomware attack
Ransomware victims: what should you do?
Ransomware is malicious software (malware) that encrypts a company’s or user’s files and restricts access until a ransom is paid. Ransomware demands can be as high as $4 million, and the cost of ransomware attacks increases every year. [1] If you have files that are valuable to you or contain sensitive client information, you may be a target of a ransomware attack. As a business leader, you should make sure your Incident Response Plan includes strategies to respond to a ransomware attack.
If you suspect your system has been compromised:
1. Isolate the attack.
Disconnect affected devices from the wireless or wired network, shared storage, and any other computers. This prevents the ransomware from spreading. Disconnect or shut down any devices that share a network with the affected device. [2]
2. Secure backups.
Confirm that your backup data remains secure. Scan backup files for malicious software, if you can do so safely.
3. Identify the source.
Using evidence on the affected computer, an expert can identify the malware strain and its source. [3] If you don’t have an internal expert, you can contact a local information technology or cybersecurity firm.
4. Reboot and restore the device.
Once the malware is removed, restore the device from the backup. Your operating system may have instructions for rebooting.
5. Make a report.
Ransomware victims can report attacks to their local FBI field office or to the Internet Crime Complaint Center. Gather any details you have to share, such as contact information, payment information, or other source details.
Call your local branch to discuss options to protect your accounts. First Financial Bank offers additional ID security on your online accounts and we are dedicated to protecting your hard-earned assets.