Held hostage by ransomware. Now what?

Suddenly you can not open any files. Your software keeps giving error messages. On your computer, you read a message from cybercriminals. They have locked your system with ransomware, or hostage software. They are demanding that you pay a ransom. Only then will they give you back access to your files. Meanwhile, your business is at a complete standstill. Read here what you can do to get back in business without paying.

Ransomware attacks are common.  Usually, only attacks on large companies make the news. But cybercriminals do not only attack large companies and organisations. Smaller and medium-sized companies are also at risk. In research carried out by the Dutch government in 2023, entrepreneurs named ransomware as one of the most important cyber threats (in Dutch).

To pay or not to pay?

In a ransomware attack, criminals demand that you quickly pay a ransom in cryptocurrency, such as Bitcoin. If you pay, you can not be sure whether you will really get your data back. Or whether you will be free of the criminals or whether they will try to extort even more money from you. So, the police advice in case of a ransomware attack is not to pay. 

Get back to work fast

What can you do if you don't want to pay? These steps will get you back in business quickly:

1. Bring in an IT expert

Contact your IT administrator immediately. They know your system and your software best. Your company does not have an IT administrator? Look for a company that specialises in cybersecurity. All IT experts know the NoMoreRansom site. The site has a tool that removes the malicious software for many types of ransomware. You might get lucky and find a tool for the specific ransomware that the criminals used to attack your system. 

2. Report the cyberattack

Report the cyberattack to:

• The police. The Digital Trust Center (DTC), part of the Ministry of Economic Affairs and Climate, has tips on how to report cybercrime to the police. 
• The Fraud Help Desk (in Dutch). This foundation provides information and tips on current fraud to individuals and businesses. 

Did the attack also lead to a data breach? In that case, you must report the breach within 72 hours to the Personal Data Authority (in Dutch, Autoriteit Persoonsgegevens). 

3. Restore your backup

You are especially unlucky if No More Ransom doesn't have a tool that removes your ransomware. In that case, only a good, recent backup will allow you to regain access to your data and systems. In June 2022, Amsterdam’s Artis Zoo was the target of a ransomware attack. They got their IT systems back up and running within days with their own backups. They did not pay the €1 million ransom.  

4. Improve your security

Together with the IT expert, investigate how the hostage software got into your IT systems. For example, did an employee click on a link in a phishing email? Many cyber attacks start with human error or fraud within the company.

Have an independent expert test your IT systems. For example, with a pen test (penetration test).  This will identify the weak spots in your computer network. Involve your own IT administrator in closing these holes. Check out these tips and make sure you do not get hit by ransomware again. 

Has your company been hit by ransomware? We would love to hear from you. Share your experience at kvk.cyber@kvk.nl.