Considerations following a ransomware attack

The threat of a cyberattack is always present and ransomware is one of the most pervasive and damaging forms of malware.

Aran Pitter, our Commercial Director says
”a ransomware attack can encrypt all the data on a hard drive, rendering it inaccessible until a ransom is paid to the attackers. In such a dire situation, the process of recovering data from a ransomware-infected hard drive becomes crucial, requiring a strategic approach and careful considerations. Recovery from ransomware accounts for over 20% of all the data recovery we see. We explore how to protect yourself in other articles, but here we will concentrate on the immediate response and containment”.

Our malware expert Tony Johnson suggests
“the first step after a ransomware attack is to contain the infection to prevent further damage. Disconnect the infected device from the network immediately to prevent the ransomware from spreading to other devices. Shut down the affected system to halt any ongoing encryption processes and avoid additional data loss. If possible, identify any available backups that were not affected by the ransomware. Backups are a critical component of data recovery, allowing you to restore unencrypted versions of your files and systems without paying the ransom”.

When we receive a hard drive the first step is to assess the extent of the damage by determining which files and systems have been encrypted. There are universally available ransomware decryption tools, but they rely on recognised algorithms. New strains of ransomware are being constantly developed and these tools may not be effective. We have several tools for identification and decryption, all of which have been developed by our own cybersecurity experts.

Avoiding Ransom Payment
We discourage paying the ransom for several reasons. Firstly, there's no guarantee that the attackers will provide a working decryption key or fully decrypt your data even after payment. Additionally, paying the ransom fuels the ransomware economy, incentivizing cybercriminals to continue their malicious activities. Therefore, exploring alternative recovery methods is advisable before considering ransom payment as a last resort. Our cyber-security experts talk to people every day who have been affected. If you’ve been a victim of a ransomware attack, give us a no-obligation call to discuss your options.

Online Price Calculator


Aran Pitter Data Recovery Specialists   
Aran Pitter, Commercial Director


Further reading

To pay or not to pay ransomware

How to fix corrupted BIOS firmware

Deleting a file does not delete it