top of page
  • Writer's pictureJohn Dempsey

Your Go-To-Strategy for a Ransomware Attack and Your Crisis Communication Response

Your IT system has stopped responding and is acting strangely.  A large number of files change, indicating that a malicious program is encrypting the files.  A document called something like ReadMe.txt appears, asking for a ransom in exchange for the key to decrypt the infected files. Do not reply to it! Never contact the attacker directly to start negotiating.


Stay calm and disconnect the IT from the Internet, and Isolate the parts of the network that have been infected to prevent lateral spread. This means turning off automatic maintenance tasks on compromised systems and disconnecting backups to safeguard them from potential encryption. Remember – backing up important data offline is the single most effective way of combating the leverage attackers have over their victims. Document Ransom Note - capture a photo of the ransom note using a separate device (like your cell phone) for recovery and documentation purposes. Inform the IT security team immediately for guidance and activation of incident response plans. Call the internal CERT (Certified Identity Protection Advisor) or contact an external CERT. Refrain from restarting infected devices to prevent additional harm and aid investigation.


The Ransomware Epidemic

The widespread influence of ransomware made a significant impact in 2023. According to ThreatLabzresearch, there was a notable 37% increase in ransomware attacks. These incidents were marked by an average ransom demand of $5.3 million for enterprises, with the actual payments surpassing an average of $100,000. Cybersecurity Ventures predicts indicate that this destructive and disruptive cyberattack is anticipated to incur annual costs exceeding $265 billion for victims by the year 2031



In today's digital age, businesses face an increasing threat of cyberattacks, with ransomware incidents becoming more prevalent. The progression of ransomware groups towards higher sophistication is driven by the profit-sharing model inherent in criminal organizations, a more precise characterization of the Ransomware-as-a-Service (RaaS) business model – a model where ransomware authors and criminal groups market and lease their services on the dark web.  A ransomware attack can be a daunting experience for any company, potentially leading to data breaches, financial losses, and damage to reputation. In such critical times, having a well-crafted crisis communication statement is crucial for managing the fallout and maintaining trust among stakeholders.


Navigating a Ransomware Attack: Crafting an Effective Crisis Communication Statement

When a company falls victim to a ransomware attack, the immediate response is paramount. A transparent and well-articulated crisis communication statement can make a significant difference in how the incident is perceived by customers, employees, partners, and the public at large.

Key Elements of an Effective Crisis Communication Strategy

1.   Remind staff about news media and social media policies

  • Only the pre-determined authorized person and communication team leader should serve as the spokesperson with the pre-created crisis communication statement with dates and known facts filled in.

  • It’s important to know that organizations need to comply with the relevant regulations. In the United States, timeframes for reporting cybersecurity breaches vary by state or agency.

  • Address the incident swiftly, acknowledging the severity of the situation.  Utilizing online channels for communication might be unfeasible during a ransomware attack. Resorting to traditional offline methods like memos, notices, and landlines may provide a more reliable and secure means of communication.

  • Provide a brief overview of the incident without compromising security details.  

2.  Assurance of Action:

  • Assure stakeholders that the company is taking immediate steps to contain and investigate the breach.

  • Share details about collaborating with cybersecurity experts to address the issue.  


3.  Information on Impact:

  • Communicate the potential impact of the ransomware attack on data, services, or operations.

  • Be honest and transparent about any data breaches and the measures being taken to protect affected parties – both internal and external stakeholders. Concealing such incidents can severely harm the company's reputation.

  • Provide robust customer support through suitable channels, ensuring customers have access to comprehensive and consistent information to effectively address any queries or concerns arising from the attack

4.  Contact Information and Support

  • Provide a dedicated point of contact for stakeholders seeking more information.

  • Offer guidance on how affected individuals can seek support, such as contacting relevant authorities or credit monitoring services.

  • Provide timely updates as the situation unfolds.


Strategies for Recovery and Renewed Trust:

Facing a ransomware attack requires a strategic and well-executed crisis communication plan. By promptly addressing the incident, providing transparent updates, and taking decisive action, companies can mitigate the impact of the attack on their reputation and rebuild trust with stakeholders. A resilient crisis communication strategy is not just about weathering the storm but emerging stronger on the other side.

Strengthening Your Defenses: Best Practices to Thwart Ransomware Attacks


In the ever-evolving landscape of cyber threats, adopting proactive measures is crucial to fortify your organization against ransomware attacks. Begin by ensuring that your software and systems are regularly updated and patched to address potential vulnerabilities that could be exploited by cybercriminals. Education plays a pivotal role; empower your employees with cybersecurity awareness training, teaching them to recognize and thwart phishing attempts while emphasizing the importance of steering clear of suspicious links and attachments. Regular patch management, review of password policies, and review of open firewall ports are all proactive steps that an organization must do to limit a threat. End-users are the weakest point and educating users to identify risky email is paramount.

Be especially wary of unexpected emails that contain links and any Microsoft Office email attachments that advise you to enable macros to view its content.

To enhance these practices, deploy advanced antivirus and anti-malware solutions that actively detect and neutralize potential threats before infiltrating your network. Establish a secure backup strategy by routinely backing up critical data and storing it in an isolated environment. This not only facilitates recovery in the event of an attack but also renders ransom demands ineffective. Additionally, restrict user privileges by limiting access to sensitive information based on job roles, and regularly review and adjust these access levels. By implementing this comprehensive approach, organizations create a robust defense mechanism, significantly reducing the risk of falling victim to ransomware attacks and ensuring the resilience of their digital infrastructure.

Eradication Steps

Begin by identifying the specific variant of ransomware using free tools to gain insights into its behavior. Common types include screen lockers and encryptors, each necessitating different approaches. Once the ransomware variant is determined, search for decryption tools through resources like No More Ransom. This proactive approach enhances the ability to address and counteract the impact of the ransomware, allowing for a more strategic and informed response.


After successfully eliminating a ransomware infection, initiate the recovery process by promptly updating system passwords and restoring data from backups. Adhering to the

3-2-1 rule, maintain three copies of data in two different formats, with one stored offsite to facilitate swift restoration without succumbing to ransom demands. Perform a security audit post-attack, ensuring system updates to thwart vulnerabilities in older software and implementing regular patches for current, stable, and malware-resistant machines. Refine the incident response plan based on lessons learned and communicate the incident comprehensively to relevant stakeholders.

In the event of a ransomware attack, promptly report the incident to law enforcement or the FBI as it constitutes extortion and a criminal offense. Authorities may aid in decrypting files if recovery efforts prove futile. Deliberating on whether to pay the ransom is intricate; experts advise considering payment only if all other options fail, and the harm of data loss surpasses the payment. Deciding whether to make a ransom payment is a very complex decision. Consulting with law enforcement and cybersecurity professionals is crucial before making any decisions, as paying ransomware doesn't guarantee data retrieval and may perpetuate cybercriminal activities.

At Rekruitd, we understand the challenges of staying ahead of the ever-evolving cybersecurity landscape and the need to find specialized talent quickly. We work with CIO's and CISO's and their teams, struggling to hire skilled Cybersecurity and Information Technology professionals to secure their systems and reduce data and privacy risk.





bottom of page