How to Recover from a Ransomware Attack

Ransomware is a type of malicious software that is created to deny a user or company access to files and data on their computer; a digital hostage if you will.

Using entry points like phishing emails to gain access to your device, it makes your computer or its files unusable via encryption.

HOW DOES THIS MALWARE WORK?

A ransomware attack is a very real possibility, with 495 million attacks in 2021 alone.

Ransomware is generally divided into two types: locker ransomware and crypto ransomware. A locker ransomware virus locks the entire screen, while crypto ransomware encrypts individual files.

By encrypting these files and demanding a ransom payment for the decryption key, cyberattackers hold companies or individuals to ransom, with attackers telling victims that paying the ransom is the only way to regain access to their files.

With many ransomware attacks also seeking out all production and backup files and documents — and encrypting those too — the victim is left to believe there is no choice but to pay this ransom.

Recovery of your documents is not guaranteed, however: caveat emptor (buyer beware).

WHAT CAN MALWARE LOOK LIKE?

Ransomware can arrive via varied digital tactics; however, some of the most common examples take the form of:

  • Suspicious emails: opening emails or files from unknown sources and downloading
  • Websites: visiting unsafe websites
  • Social media: leaving the safe site and continuing on to an external link to a suspicious webpage
  • Wi-Fi connection: moving through an unsecured internet connection to infect computers
  • Pop-up messages demanding funds to unlock files
  • Files with a name change: dubious and edited file names

PREVENTION: HOW BEST TO AVOID AN ATTACK?

We subscribe to the adage of prevention being better than cure.

Infections attack the vulnerable: victims may be targeted for using outdated equipment or outdated software on their devices, or for using insecure browsers or operating systems.

We recommend the following to avoid an attack:

  • Cyber awareness training and education, including having a cyber-security incident plan
  • Back up all data. Say it again, back up all data. We recommend and use Veeam for their ransomware and end-point protection, and subscribe heavily to their 3-2-1 Cloud backup strategy
  • Hygiene basics: never clicking links or attachments in unsolicited emails and keeping all security programs on your devices up to date
  • Use a VPN when using public Wi-Fi
  • Turn on Multifactor Authentication

CURE: HOW TO RECOVER FROM A RANSOMWARE ATTACK

It is likely that a ransomware attack will only be detected once the virus has infected a device and the data encryption is complete.

We recommend not paying the ransom, as you may find yourself a victim in perpetuity.

However, if your business has fallen prey to an attack, we recommend the following steps to regain control and to avoid an attack in the future:

  • Disconnect from Wi-Fi or LAN: this can prevent the spread of ransomware within the network
  • Perform a virus scan: this helps you identify the threats; if dangerous files are found, you can either delete or isolate them.
  • Create a backup of your data that has not yet been encrypted by ransomware
  • Make a copy of encrypted files on removable media in case a solution becomes available
  • If you haven’t already, subscribe to an automatic back-up and ransomware protection agent. We recommend and use Veeam
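
To act on the two copy steps above you first need to know which files are which. The following is an added example, not part of the original article: a read-only sweep that sorts files into "back up now" and "preserve as encrypted" using byte entropy. The function names, the 7.5 bits-per-byte threshold and the short signature list are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Leading bytes of common compressed formats, where high entropy is normal
# (PNG, JPEG, ZIP/Office, PDF, gzip). Assumed short list, extend as needed.
KNOWN_MAGIC = (b"\x89PNG", b"\xff\xd8\xff", b"PK\x03\x04", b"%PDF", b"\x1f\x8b")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, much lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: str, sample: int = 65536, threshold: float = 7.5) -> bool:
    """Heuristic: high entropy and no recognisable file signature.
    Files of only a few hundred bytes cannot reach the threshold and are
    reported as intact, so review small files by hand."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if head.startswith(KNOWN_MAGIC):
        return False
    return shannon_entropy(head) >= threshold

def triage(root: str) -> dict:
    """Walk root without modifying anything and build the two copy lists."""
    result = {"back_up_now": [], "preserve_encrypted": []}
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            try:
                key = "preserve_encrypted" if looks_encrypted(path) else "back_up_now"
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
            result[key].append(os.path.relpath(path, root))
    return result

if __name__ == "__main__":
    import sys
    for bucket, paths in triage(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{bucket}: {len(paths)} file(s)")
        for p in paths:
            print("   ", p)
```

Treat the output as a starting list only: a file that keeps its original header but has an encrypted body will be reported as intact by this check.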

 

Even with the best security safeguards, a ransomware attack can never be ruled out. But you can be wise to the signs of an attack (or a potential one) and detect and deflect it early on.

Remember that backing up your data regularly will greatly reduce the impact of an attack.
