Ransomware is a crippling, vicious attack with devastating consequences for corporations and small business owners alike. What steps should you take if your company is being held hostage by ransomware?  


Ransomware has become a global threat, attacking some of the world’s largest companies, including Merck, Federal Express and much more. Businesses of all sizes are at risk of ransomware like Wannacry, Petya and now the recently named ExPetr. With ransomware, digital files are virtually “stolen,” and a monetary ransom is demanded before the files are restored or returned. Ransomware is a crippling, vicious attack with devastating consequences for corporations and small business owners alike. What steps should you take if your company is being held hostage by ransomware?

Report It

Being hit by ransomware isn’t shameful. Some of the most powerful corporations have been victims of attacks like these. The hackers behind these malicious viruses have a predatory and sophisticated methodology that even savvy business owners can fall prey to. If your company is being held by ransomware, you should report it to the proper authorities without delay. In the case of ransomware, the FBI wants to hear about it first. From the FBI’s website, the FBI wants you to “contact your local FBI field office and report the incident to the Bureau’s Internet Crime Complaint Center.”

Reporting your incidence of a ransomware attack helps authorities and other companies deal with this growing threat. First, when you duly report the incident, authorities may be able to spot a pattern or a means by which the hacker was able to commit the crime. Information about your case will be compounded with other reports to formulate possible causes, means, and solutions. Your honest and timely report may help solve a cyber crime.

Second, when you say what happened, other companies can be forewarned. The more cases like yours can get talked about, the more likely it is that future attacks will be unsuccessful. Think of it as if a predator were lurking on your street. You’d want to let your neighbors know about it so they can take precautionary steps, right? It’s the same with ransomware attacks. The more people you can let know and warn, the fewer victims there will be.

Alert Your Service Provider

If your company has been the victim of a cyber attack of ransomware, the perpetrators had to at one point go through the door of your service provider. While it can’t be surmised that the breach occurred at the service provider’s level, they do need to be alerted as to the breach.

Your service provider has an obligation to take precautionary steps against cyber attacks. If their steps aren’t sufficient, and your company is being held hostage by ransomware, your service provider will want to know about. They don’t want their other customers to become victims as well. The sooner you can alert them, the faster they can take swift action to protect current and future customers from similar breaches.

Contain the Malware

When malicious code is detected by your local virus software, the system is quarantined to minimize the damage. When your company is being held ransom with ransomware, get your IT company on board right away so they can contain the malware. It’s possible that total damage hasn’t yet been done. Don’t take any steps like shutting down computers until you consult with your IT company in [city]. They’ll be able to instruct you with immediate action, as well as take measures to contain the malware as much as possible. When the malware is safely contained, you may be able to have your business up and running sooner rather than later.

Restore Backup Data

Hopefully, you’ve got backup data files that you can restore in case your company is being held hostage by ransomware. If so, work with in to restore the backup data in such as way that it, too, won’t fall into the hands of the “kidnappers.” Restoring the backup data should enable your company to continue operating while the ransomware situation is being handled. If you don’t have backup data, you can at least begin working with a cloud services firm to implement a backup routine for the future.

Get as Much Information as Possible

Ransomware and all malicious code are a serious threat that you don’t have to deal with alone. When this happens to you, get as much information as possible to keep yourself informed with news updates. One reliable source is BleepingComputer.com, a site where you can get up to date news on the latest cyber threats facing individuals and businesses today.

Stay in touch with your local authorities, service provider, and FBI to makes sure that you are fully informed, and to make sure your company complies with their instructions. Never try to handle an incidence of ransomware attack by yourself.

Let Customers and Investors Know

For safety and liability reasons, let clients and investors know as soon as possible if the company’s data has been attacked by ransomware. While you have an ethical duty to do so, you also open yourself up to potential liability if you don’t disclose this relevant information as soon as you can safely do so. If your customers’ data is stolen and misused in any way, you and/or your company could be held liable for damages incurred. This is a scenario that’s easily avoidable as long as you let all affected parties know what happened.

It is disheartening to disclose to investors that the company data has been breached by ransomware. In a public company, stock prices may fall, at least temporarily. In the end, though, your business will look better and be able to rebound faster, the sooner you let interested parties know what happened. At that time, you can also tell them that you’ve taken steps to work with a reliable IT company such as in . You can contact us at for swift attention and service.

Ransomware is becoming increasingly common, and small and large companies are equally at risk. For advice and assistance in ensuring that your business is as protected as possible against cyber threats like ransomware, please call or email at today.