How to Outwit a Ransomware Attack

Updated 01/15/2022


We know that you’re busy, and while you intend to put more cybersecurity policies, standards, and technology in place, it’s hard to find the time (and budget). But the truth is that there’s a ransomware attempt every 11 seconds.

You may not be able to avoid an attack altogether, but with the right team and tools, you will recover.

In this article you’ll get: 

  1. An example of how we helped one of our clients get their data back and avoid paying ransom.  
  2. Specific tips on what you should do when your organization is under attack.  
  3. Additional advice on how to outsmart an extortionware attempt. 

-- 

The ransom note was clear: their company files had been seized. The hackers were demanding $10,000 payable in bitcoin (a small amount by today’s standards). However, the mistake these would-be thieves made was giving the client 72 hours to pay.

When the client's call came through to our 24-hour, 7-days-a-week help desk, we immediately went into action.

First, we called the client and requested that they unplug all the computers to protect the network.  

Next, using our remote access capabilities, we found that one of the company’s servers had been infected. Luckily, their Business Impact Analysis had already been completed, and their most important data, applications, and O/S were already backed up and protected.

Using our signature cloud backup and onsite backup methodology, we were able to retrieve and restore all the data within an hour. 

While the client was on the phone with us, our technical team was dispatched and was on site within the hour. Once there, we systematically searched all devices and computers until we found “patient zero.” Total company downtime: 2 hours, with no loss of data and their bank account intact.

How did the hackers find their mark? Through an innocent-looking email sent to an unsuspecting employee.

What you should do if you suspect a breach

  1. First step: Unplug the computer from the internet / network connection.   
  2. If you're on Wi-Fi, turn off the Wi-Fi connection. 
  3. Second step: Take a photo of the pop-up or website redirect with your smartphone and send it to your IT or Information Security team so they can analyze it and advise on how to handle it.

How to Avoid Extortionware

Extortionware is a type of cyberattack where your data is removed from your network. The cybercriminals then use ransomware to hold your data hostage and threaten to release your sensitive company data on a public-facing website if their demands are not met.

These attacks are prevalent in the manufacturing, educational, financial, and healthcare industries. The reason is that these industries have valuable intellectual property and other highly sensitive information.

An extortionware attack requires that the cybercriminals have access to your data and network for an extended period.  

According to the IBM-Ponemon data breach study, it takes 287 days before an organization recognizes a breach, which means that in many instances, criminal organizations can be in your network for nearly a year. That is enough time to sabotage your backups and remove data from your company.

The best way to outsmart this type of attack is to have a plan that includes advanced endpoint security and the use of a Security Information and Event Management system with a Security Operations Center. This is in addition to a Business Continuity and Disaster Recovery plan, which includes backup and disaster recovery.

These cost-effective approaches should dovetail with your general business planning.

We’re here to help. If you have any questions about security for your organization, please contact us at 866.680.3388 or email us at protectme@consilien.com.

Our fully managed, end-to-end intelligent business continuity solution saves middle-market and small-enterprise organizations from ransomware, malware, and even human error.

Sources: 

https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/ 

IBM 2021 Ponemon Report https://www.ibm.com/security/data-breach