Cyber Security 101

Lesson 8

Coping with a cyber attack

Welcome to Lesson 8 in cyber security

In Lesson 7 we taught you about the different kinds of cyber attacks and how to avoid them. This lesson deals with how to cope with a cyber attack.

If you’ve suffered a cyber attack, and you already have a backup routine, you’ll be able to restore your data pretty quickly.

If your backup routine is 1) automatic, 2) stores incremental versions of your data and 3) is scheduled daily, then you’ll never lose more data than what was generated since your last backup.

Without a backup plan in place, you’ll have to pick up the pieces and then put a backup routine in place.  

If you’ve been hit by a ransomware attack, you’ll have to decide whether to pay the ransom or not.

Experts in cyber security warn that paying ransom is not only unsafe – you have no guarantee that the attacker will return your data and leave you alone – but it encourages cyber criminals to continue doing it. It is safer in the long term to use these eight steps to handle a ransomware attack:  

Be ready for an attack by automating your data backup

If your data is backed up at the point of a ransomware attack, then you can restore your backed up files and ditch the infected ones.

Make sure the attack is in fact ransomware

If your staff know how to identify ransomware and who to alert, they’ll be able to stop it from spreading to other devices and kick-start the recovery process. 

Disconnect the affected device/s from the Internet

Once you’re sure it’s a ransomware attack, take the affected computer offline and disconnect it from your network.

Tell your staff

Alert everyone to the attack as soon as possible, and let them know how you’re going to handle it.

Identify the kind of ransomware attack

You need to work out what kind of ransomware you’ve been hit with so you know how to handle it. The online tool ID Ransomware will help you identify it and offer a solution where available.

Remove the ransomware

If the ransomware code has been cracked, you’ll be able to find a decrypter for it online. If there’s no decrypter, you’ll have to restore the affected devices to factory settings and then restore your data from the last clean backup or say goodbye to that data if you don’t yet have a backup routine in place.

Install an effective EDR (electronic detection and response) solution

This will be far more effective than traditional antivirus technology.

You can read more about handling a ransomware attack here.

Share this cyber security course

Share on facebook
Share on linkedin
Share on twitter
Share on whatsapp
Share on email

In Lesson 9 we’ll examine what makes a good cyber security tool.

Note: This content is general advice and should not be construed as paid-for cyber security advice and instruction.

We are taking all necessary precautions around the COVID-19 situation. Our offices are closed and our team members have each been set up to work remotely in self-isolation at home. As far as possible IronTree will maintain business as usual. All our resources such as server platforms, transactional capacity, telephony and electronic communications, including video meeting facilities, have been configured in the cloud and are 100% operational. Please feel free to contact us if you require our assistance. Stay safe!
One of our team members will be happy to help answer any questions you have!
Just click the chat icon in the right-hand corner.