Our Blog

Ransomware recovery: How your organisation can recover from a ransomware attack

Ransomware recovery: How your organisation can recover from a ransomware attack

Portia Linao Portia Linao
February 01, 2022, Post a comment

Your organisation just had a ransomware attack.

Now what?

It’s an organisation’s worst nightmare when their supposedly secure computer freezes one day with a message on the screen letting you know that you’ve fallen victim to ransomware. Understandably, panicking would be your first reaction, but this won’t help with the situation. It can even make it worse.

Ransomware tactics are getting craftier over the years. The newer the ransomware, the more sophisticated it is and the harder it is for friendly IT geeks to crack. There’s no lack of ransomware attacks in Australia. There was even a 15% increase in ransomware cybercrime reports, according to the Australian Cyber Security Centre (ACSC). And the biggest attacks in 2021 mostly targeted healthcare institutions and government agencies, according to this article.

It's only a matter of time before your organisation will fall victim to a ransomware attack. With the sophistication of ransomware attacks nowadays, no organisation is immune to them anymore. But what you can do is reduce your risk and save as much of your data as you can. Preparing a ransomware prevention and recovery plan is necessary for an organisation to survive ransomware attacks of any magnitude.


Ensure your data is safe with these best practices for an effective ransomware recovery:

Never pay the ransom

The FBI defined ransomware as malicious software that locks you out of your computer, data, or networks. The attackers then demand a ransom in exchange for a decryption key that would allow you to reaccess your data. The ransom amount varies as well. Depending on the target, it can go as high as AUD 250,000 for one malware victim, according to this ACSC report in late 2021


When your computer has ransomware, you can either pay the ransom (which is not recommended by the FBI), attempt to remove the malware with your team, or wipe all systems completely and reinstall all applications and software again. 


The latter two are the most reliable solutions to recover from a ransomware attack. But sadly, there are still a few who pay the ransom. The FBI discourages ransomware victims from paying the ransom. According to the agency, paying the ransom opens you to new risks such as: 

  • There’s no assurance that the perpetrators will return your data. There’s a chance the criminals will only take your money and not give you the decryption key. 
  • Motivate the criminals to continue with illegal activities and target more organisations.
  • Encourage other individuals to enter this type of illegal business model.


The safest option to recover from ransomware is to remove the malware from your device and restore your system or wipe everything and reinstall all your applications. 



Find Computer X

If you decide not to pay the ransom, the first thing to do is find the infected computer – or the device the ransomware entered.

Once you find the ransomware’s entry point, isolate the device from other computers. Disconnect the infected computer from the network (wired and Wi-Fi) and refrain from inserting any portable storage device on it to prevent the malware from spreading throughout your network.

Take note that there may be more than one infected device. Either the ransomware has entered through multiple devices or already infected multiple computers through connections. Ensure that you have checked all computers thoroughly. Double-check for any dormant malware in your systems waiting to activate itself after a certain period. Run a thorough scan of your devices. This way, you can do the necessary ransomware recovery actions to all infected devices (if any more are found).

Identify the ransomware

Determining the type of ransomware that has infected your machine will help you create an effective plan of action to remove the infection. When it comes to ransomware, it can either be screen-locking or encryption-based.

There are different types of ransomware and various ransomware examples. But for most of the time, the ransomware will introduce itself to you on the ransom note. If it didn’t, use tools like ID Ransomware by the Malware Hunter Team or the Crypto Sheriff by the No More Ransom! Project.

Knowing what type of ransomware you’re up against gives you a slight advantage. By understanding how ransomware behaves, attacks, and infects devices, you’ll be able to conduct the proper action to remove it from your machine and safely recover your data.

If you have proper documentation of the ransomware attack, report it to the authorities at once. Doing this will help others who were infected by it as well.

Remove the malware (wipe your systems)

In case you want to remove the malware from your computer without wiping your entire system, The No More Ransom! Project offers decryption solutions for a variety of ransomware. Search for the ransomware name on their Decryption Tools, check the how-to guide and download the decryptor.

Another option would be to completely wipe your system and reinstall all your software applications again. With this, you can ensure that no traces of malware is left on your machine, and you can start from scratch.

Restore your data from backup

Wouldn’t it be nice if you restored your computer to how it was before getting breached? That scenario is possible if you have a backup solution. With it, you can get everything up and running in no time after you’ve wiped your computer clean as if a ransomware attack didn’t happen.

But before you recover your data, scan your backup first to prevent reinfecting your machine. Scan your backup with an anti-malware package for any hidden malware that might have synched along with your files.

If you’re backing up your data to the cloud, use a cloud antivirus solution. This tool will automatically scan all synching data for malware or virus before uploading the data to the cloud server. One of the benefits of cloud antivirus is that there’s no need for manual updates or scans. It will automatically scan, report, and remove any infections it finds.


Prevention is better than cure

The best defence against ransomware is prevention.

As ransomware attacks get nastier over time, no organisation is safe – no matter how advanced their IT security is. But that doesn’t mean that you won’t implement cyber security in your organisation. Although it doesn’t 100% prevent malware, it will reduce the chances of a breach and stop business downtime. 

Fix the problem that allowed the ransomware to wreak havoc on your machine. Then create a prevention and recovery plan if you fell victim to a ransomware attack. To avoid ransomware, remember to: 

  • Keep applications up to date
  • Run regular anti-viral scans
  • Auto-sync your backups and isolate them from your local machine
  • Implement company-wide security awareness training


If a ransomware attack is stronger than your cyber security solution, data recovery is your last line of defence against it. 

Your ransomware recovery solution should not be used unless absolutely necessary. Instead, focus on strengthening your ransomware prevention plan to block any type of malicious software right from the start. 

Let our IT experts show you what the right cyber security solution looks like. 

Signup for a complimentary IT Health Check here and let our experts will help you find technological vulnerabilities. As a bonus. we'll provide you with a business IT risk assessment and a mitigation plan to move your business forward without the risk of ransomware. 

IT-Health-Check-Report-669369-optimized-min (1)

Find cyber risks before they find you

Don’t let yourself be a part of the statistic. Take action now and protect your data by booking a complimentary IT Health and Security Check.