Stop the Bleeding, Your First Step in Responding to a Cyber Attack.

Ransomware attacks have become more and more common and are a growing threat to large and small business and organizations alike. More than 40% of companies in Canada have experienced a breach in 2023, causing significant financial loss and organizational impact.

“Taking a structured military approach can be key in successfully maneuvering your way through an event” says Ditmar Tavares, CEO and founder of Locknetwork Inc.

Your first step, akin to securing a battlefield is to “Stop the Bleeding”. You need to disconnect any infected systems from the network to prevent the ransomware from spreading to other devices.

Do you have an incident and/or breach response plan? If yes, start to deploy and act on the strategies to recover. Your next steps should be:

1. Determine what type of ransomware is involved, often there may be decryption tools or keys available especially if ransomware as a service has been used.

2. Determine what systems and data have been affected.

3. Deploy security patches, remove malware, and close any vulnerabilities that have been identified.

4. Restore your systems from clean backups.

5. Continue to monitor for additional attacks.

Communication is key throughout the incident and post breach; stakeholders must be informed. These could include, internal staff, externa clients, suppliers, legal, regulatory and others. Note that there can be significant privacy legislation that may impact how, when and what you communicate.

Once you have recovered from the breach ensure that you perform a post-mortem to ensure that you have identified any areas of improvement to your response and proactively protect your environment from future attacks.