About MOUNT10 / Blog / Ransomware Attack – What to do?

What steps should I take if I have been the victim of a ransomware attack?

It is unlikely that you will notice a hacker attack immediately after it has happened. Many attacks take place just before the weekend, i.e. you will not notice it until Monday. Usually your data is encrypted and a text file or screenshot with instructions is shown.

What should you do if you have been attacked?

The National Cyber Security Center NCSC advises the following steps:

Under certain conditions, a partial or complete restoration of the data is possible even without a data backup. A decryption may work under certain circumstances if:

 

  • the ransomware has not encrypted or deleted shadow copies in Windows
  • Snapshots of virtual machines or previous file versions exist in cloud servises
  • forensic recovery of deleted files is possible
  • the ransomware has flaws in its encryption function or the key for decryption is known.

 

What can be done to protect oneself against cyberattacks?

This is the question that all companies are asking themselves at the moment.

MOUNT10 therefore launched the Swiss Cyber Defence Initiative in October 2020 with the cooperation of various industry partners such as Swisscom and Microsoft.

Swiss Cyber Defence DNA (SCD-DNA) is a guide for your SME to protect yourself easily and efficiently against cybercrime threats and major financial damage.

The guide is free of charge and solution-neutral.

 

Measure No. 1 refers to “Current unchangeable data backup / read-only backup”.

 

Source: https://www.ncsc.admin.ch/ncsc/de/home/infos-fuer/infos-unternehmen/vorfall-was-nun/ransomware.html

 

 

Further articles

3-2-1-1-0-Regel_Blog-aspect-ratio-500-680
The golden 3-2-1-1-0 Backup Rule
06 January 2023
Discover more
mount10-mountains-1400x600