horror story: A hospital that was breached, a school that was attacked, a business that had terabytes of data suddenly locked up one morning and held for a million-dollar ransom.
In the unfortunate scenario you find yourself attacked by ransomware, here are six steps you should immediately take.If you find out you've been hit by a ransomware attack, executing your business continuity plan is step one. It doesn't matter if that plan wasn't designed for cyberattacks in particular. Even general business continuity strategies, including those intended more for remote working or natural disasters, will still work just fine .
So what does limiting the blast radius of the breach entail? It comes down to harm reduction. Ideally your response should thread a needle of rebuilding and recovering your systems, while also preserving enough digital forensic evidence of the attack to be analyzed afterward. That's a tough balancing act to pull off, and the panic of the situation can lead to a natural inclination to shut down everything.
There's not a lot you can do if you've discovered the ransomware hours after it's spread throughout your network, but there are ways you can minimize the damage done and the fallout. Most importantly, the best protection when it comes to ransomware is prevention — leveraging lightning-fast, human-led threat hunting teams that will monitor your network 24/7 for an attack.