Member-only story
How to Survive a Ransomware Attack
With the sheer volume of ransomware attacks in the past couple weeks, I decided to write an article about what works and what doesn’t. I’m writing about ransomware attacks, but this advice ultimately applies to most types of compromises, viruses, or malware attacks. These steps are going to be more generic because there is “no one size fits all” approach to resolving infection or compromise.
What To Do First
The very first thing to do is to remain calm. Don’t let the situation blindside you and don’t let fear and emotions take control. You need to keep control of the situation so you can do your best work.
When you get scared and freak out, so do your customers, but far, far worse. You are the expert to your client. If you show fear, they assume they should be more scared than you are, and when you relax, they assume you have it under control (or at least should hopefully calm down). You have it under control, or you will, just stay calm and do what you can do. Research and respond where and how you can.
What To Look For
The very first thing after the simple act of staying calm is to assess the situation. What do you have? Is it a compromise or is it ransomware? If it’s ransomware, what has it hit and what hasn’t it? Are server shares still on? Shut down as much…
