Moran Zavdi is the founder of Nucleon Cyber, which provides actionable, proactive cyber threat intelligence for organizations.
I bet you can see the scene before you now: The hair on the back of your neck stands up, and the panic creeps up your spine as you face your computer with dread — the screen has turned black. A message informs you that you’re under attack. Pay the ransom, or the person on the other end will erase your computer memory, steal files or share private information such as secure customer data. You freeze. What do you do next?
Your gut instinct may be to quickly press the power button and shut down the computer or run to an expert for help. Before you do, you should check a couple of items to reduce any damaging effects. Follow these easy steps to make sure you make the right choices and recover as much data as possible after the attack:
1. Disconnect your computer from the internet.
The absolute first thing you want to do is stop the flow of information to the attackers by taking your computer offline. A common practice for a hacker (or a bot, if it’s an automatic program) is to connect to a remote web server and download a file with instructions about which programs to install and which harmful actions the malware should perform.
In other cases, the hacker or malware will send your information, such as documents or pictures, to a remote computer for later use. Disconnecting your specific device from the network might delay the hacker in getting to your files or in further accessing your computer.
2. Disable the network momentarily.
If you’re in a location where your device is networked with others, disconnect the network yourself or notify the proper staff to do this across the office. Many malware programs look on the local network for other computers that may be vulnerable. Once you’ve protected your computer, it’s important to think about others near you who may be attacked after you are.
Think of the age-old airplane analogy: Put on your oxygen mask before you help others. Disconnect your computer and then help others to disconnect theirs before any additional damage is done. Once the area is secured, you can take a step back to assess what damage was done and determine the next steps for securing your files.
3. Don’t pay anyone for this type of threat.
Next, don’t respond to the attacker or cave in to any demands without taking the time to look at the overall picture and calculate the risks. Most intelligence agencies worldwide, including the FBI, recommend against paying a ransom, especially because it doesn’t guarantee that you will regain access to your data. You may never receive a decryption key, and you could run into additional bugs while trying to recover the data.
I’ve worked with clients who have tried to reason with the person on the other end of the line, or even worse, pay the fees that they demand. This only encourages bad behavior and shows the attackers that this move is effective. They’ll take your acquiescence as a sign and continue to bombard others as well. Your line of defense could make them reconsider these tactics and prevent further harm down the road.
4. Ensure you have a backup.
Make sure your most important files are saved elsewhere. The most useful way to protect yourself against ransomware or offensive attacks that could destroy data is by keeping remote backups that aren’t directly connected to your computer or network. This could include cloud-based programs or physical hardware such as a storage drive.
A routine backup is an important practice to already have in place, of course. If you’re not facing an immediate threat, let this be a wake-up call to put a plan into place now to be prepared for the future. Scammers have stepped up their activity during the pandemic, and this is the ideal time to check your current backup protocols and ensure they capture everything you need. Best practices have become even more vital as people work remotely and have new habits in place.
5. Create a new system for the future.
Once the initial shock of an attack has subsided, you can prevent future issues by building up a system of protection. These malware programs are becoming more common, and sometimes they can be quite deceptive and intrusive. Even large technology companies have faced problems recently with email phishing scams and sensitive customer data being uploaded online.
Develop a personal plan and an office-wide plan for information security, and create a habit that will keep these risks top of mind. Make sure you back up files regularly with a reliable plan. Designate someone on staff to be the proactive cyber intelligence officer of the organization, who checks the latest free sources such as cybersecurity blogs, podcasts and news sites to stay updated on the latest trends. Consider using a proactive solution, such as a cyber intelligence tool, that will increase your overall network security and reduce costs down the road.
Most of all, don’t be ashamed or afraid to ask for help. Many organizations offer free services for cyber attacks as part of a local or national Community Emergency Response Team, or CERT. They can help with expedited recovery and share relevant details from your case with others to prevent an attack in the future. They also specialize in building reliable disaster recovery plans — which are key for successfully handling a cyber attack — that can cover all of the common (and not so common) threats that might happen, both at work and at home.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.