Manage and Mitigate an Active Ransomware Attack

Attackers are constantly developing new kinds of ransomware that use various attack vectors, such as malvertising, ransomworms, and peer-to-peer file transfer programs. There is now even Ransomware-as-a-Service, where hackers sell their malware to other cybercriminals, increasing the frequency and reach of ransomware. Ransomware authors can enlist anyone to sign up, and both parties earn a percentage of the profits.

Below are 5 core steps to managing and mitigating an active ransomware attack.

Isolate the Infection

The first step to managing a ransomware outbreak is to isolate the infected systems from the rest of the network. Shut down those systems and pull out the network cable. Turn off the Wi-Fi. Infected systems need to be completely isolated from the other computers and storage devices on the network.

Identify the Infection

Next, figure out what kind of malware has infected the computers. The Incident Response team, IT organization, or an outside consultant will be able to determine the strain of ransomware and start to plan the best way to deal with the infection.

Involve the Authorities

Depending on the impact of the incident and any regulations that apply, it might be necessary to report the incident to the FBI or other governmental bodies. The FBI issued a PSA in 2016 asking for reports of ransomware to help improve its capabilities and its understanding of ransomware attacks.

Remove the Malware

Now remove the malware from the infected systems to prevent further damage or further spread of the malware.

Recover Data

With the malware attack contained, start the process of recovering from the attack. Paying the ransom is an option – maybe the attackers are honorable thieves and will give you the keys you need to decrypt the data. The best option is to restore from the most recent good backup available, assuming there is one.

Varonis Data Security Platform is the perfect front-line defense against ransomware attacks on primary data storage. When the first wave of modern ransomware appeared in 2014, Varonis already had the detection and prevention system in place – and it’s only gotten better since.

John Dalton | Head of Security and Data Governance