The ransomware cyber-attack has grown as a cyber-threat exponentially in the past few years. Ever since the WannaCry attack in 2017, news media has reported large scale ransomware attacks regularly. And no individual or organization is safe from ransomware. The BBC reports a recent ransomware attack which compromised the computers of the government of Baltimore city.

How it enters your computer: Ransomware, typically, must be installed. It can come in the form of email attachments or downloads from the internet. Websites disguised as trustworthy sources or ransomware piggybacking on other software are common ways by which cyber criminals spread ransomware too.

You must plan and prepare for your computers being hijacked too. Most important, of course, is preparing for such an attack. But, in the event your business falls victim to ransomware, what should you do?

Should you pony up the hundreds of thousands of dollars that are demanded to release your hostage computers? We take a look at some things you can do in this article.

Don’t pay ransom

If one or more of your computers has faced a ransomware cyberattack, do not pay the ransom. There are a few reasons for this:

  1. Your files may already have been deleted
  2. The hacker may not release your files despite the ransom
  3. There is no guarantee your data will be retrieved
  4. You don’t know how else your computer has been compromised
  5. You will be funding further cybercrime and illegal activity

Alert your cybersecurity team

Get in touch with your cybersecurity team immediately. Do not initiate any action unless your cybersecurity team has had a chance to understand the threat. Ransomware is being continually analyzed and there are solutions for recovering information under development too.

Go ‘offline’

Take the compromised computers off the network immediately. This means not only of your company’s network but also off the internet. It may not resolve your issue, but it does break the hacker’s direct grasp on your computers. Also, your microphone and camera cannot be used to spy on you once the device is completely disconnected.

Don’t use the computer

Cease interaction with the stricken computer.  Its camera and microphone may be compromised and could record your conversations.  Moreover, the hacker may try to coerce you into paying the ransom amount if they detect frantic activity on the computer.  

Disconnect peripherals

Make sure the computers cannot spread the infection onwards. Disconnect any storage media you have and any peripherals attached to compromised computers. It is not unlikely that ransomware may be accompanied by keylogging software or other malware.

Protect your backup

If your data is properly backed up, what can a hacker hold you to ransom for? Backups of your data are of irreplaceable value – especially in situations like this. And at Technical Action Group we deploy multiple layers of back up to protect clients from data loss.

In the event of a ransomware cyberattack, be wary of immediately turning into your backup. Until such time your cybersecurity team has assessed your computers, assume that other computers could be compromised too. With your backup intact, you have the option of simply resetting compromised systems without losing data.


Technical Action Group has an expert team and infrastructure for disaster recovery from a ransomware cyber attack. Our clients appreciate our cutting-edge protection. In fact, we can get you back up and running in as little as 3 hours too.

Our team devises plans not only for your security but in the event your infrastructure is catastrophically compromised. Call us or contact us via our website to understand how we can help make your business cyber-robust.