Should I report a ransomware attack?
Yes, you should always report a ransomware attack to the appropriate authorities regardless of the size of your organization, amount requested, or severity of damage.
One of the main immediate benefits to reporting a ransomware attack is that sometimes authorities have decryption keys that can help with the process of recovering your data and removing the ransomware threat.
Steps for responding to a virus ransomware attack
When reporting a ransomware attack, be sure to gather as much information about the attack as possible, including email addresses, IP addresses, and triage information. One great way to get a lot of evidence is to provide an image of your server.
If you’re not sure how to find or access this data, a t can help. Once you’ve gathered all the data you can, it’s time to file your report.
You may also file a report with the FBI’s Internet Crime Complaint Center (IC3). They request the following information:
- Date of Infection
- Ransomware Variant (identified on the ransom page or by the encrypted file extension)
- Victim Company Information (industry type, business size, etc.)
- How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
- Requested Ransom Amount
- Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
- Ransom Amount Paid (if any)
- Overall Losses Associated with a Ransomware Infection (including the ransom amount)
- Victim Impact Statement
Report ransomware to your country's scam reporting website
In addition to law enforcement, there are scam reporting websites specific to each country that can help with reporting ransomware.
- United States: On Guard Online
- Australia: SCAMwatch
- Canada: Canadian Anti-Fraud Centre
- France: Agence nationale de la sécurité des systèmes d'information
- Germany: Bundesamt für Sicherheit in der Informationstechnik
- Ireland: a Garda Síochána
- New Zealand: Consumer Affairs Scams
- Switzerland Nationales Zentrum für Cybersicherheit NCSC
- United Kingdom: Action Fraud
Reporting ransomware to the software provider
Reporting ransomware attacks to software providers, such as Microsoft, can help the companies become aware of vulnerabilities in their systems, where and how users are being targeted, and how they might issue patches and improve their software.
How do ransomware attacks happen?
Usually, organizations fall victim to ransomware because they don’t have the right cybersecurity services and/or protocols in place. Sometimes it can be as simple as an employee without security awareness training unknowingly clicking on a suspicious link, other times it’s because a company switches off its virus protection software in order to ensure they can send emails efficiently.
With cybersecurity services like Mimecast, security doesn’t have to come at the expense of productivity.
How can I recover files from ransomware?
Recovering files from ransomware attacks is possible but not always guaranteed, even if a ransom is paid.
Recover files with a backup
It’s always good to ensure you back up all important data, information, and files. That way if you lose files to a ransomware attack, you can recover them from wherever you have your backups.
It’s just as important to ensure your backups are secure as any other files. Mimecast’s cloud-based backup system makes backing up files easy, convenient, and secure.
Recreate the data
If you have physical or paper copies of your files, it can be re-entered manually. Having physical copies of your data can be a great way to ensure cybercriminals can’t get to it, but it’s much more convenient to store everything.
Mimecast’s Sync & Recover feature enables organizations to automate data backup. Connected users can have their email, contact, and calendars all synced to a secure cloud database, where the data can be viewed and recovered whenever needed.
Break the ransomware encryption
A decryptor is a tool that decrypts files that are encrypted by ransomware. While there are decryptors widely available for some types of ransomware, the most current ransomware threats likely do not have decryptors, which is one of many reasons why it’s so important to prevent ransomware attacks in the first place.
Should I pay the ransomware or not?
It's generally NOT advisable to pay ransom for ransomware for several reasons. One is that paying ransom does not guarantee you will recover your data, that cybercriminals will honor their proposed agreement, or that you will not be targeted again. In fact, it’s fairly common for organizations who pay ransom to be targeted again by the same cybercriminals.
Another reason not to pay ransom is it incentivizes cybercriminals. In the event of a ransomware attack, the chances of recovering your data are greater by partnering with law enforcement and cybersecurity partners like Mimecast. Coalitions of cybersecurity experts and law enforcement agencies have taken down many ransomware operations and successfully provided decryption keys.
How do I secure my network after a ransomware attack?
The best action to take against ransomware is preventative action, and it’s not too late to start after recovering from a ransomware attack. At any point, it’s paramount to secure your network before another ransomware attack even comes close to infiltrating your organization, and the best way to make that happen is to partner with a cybersecurity service like Mimecast.
Mimecast can secure your entire network without sacrificing efficiency or ease of communication and empower all members of your organization with tools and knowledge for combating cyberattacks.
Try on Mimecast for your organization by getting a customized plan and quote.