Skip to main content
Cyber News

How to Recover After a Ransomware Attack

By July 5, 2022No Comments

Ransomware attacks against veterinary practices have become popular in the past few years, partly due to cybercriminals’ ability to monetize their attacks. The impact of these cyberattacks on the veterinary industry has resulted in increased cybersecurity investments to avoid falling victim to such attacks. However, even with investments, there is still a high chance that cybercriminals will be able to target and succeed in launching a ransomware attack. Therefore, it is important to have a ransomware recovery plan that can help you navigate a ransomware attack with ease.

What Is a Ransomware Recovery Plan?

A ransomware recovery plan is a set of laid-out procedures and protocols that address how to recover and restore your computer systems after a ransomware attack. Following a surge in ransomware attacks in the past few years, ransomware recovery plans have become part and parcel of most cybersecurity response strategies and can also help your veterinary practice recover from a ransomware attack.

Six Ways to Recover After a Ransomware Attack

Despite having all the security measures in your practice, there is still a chance that you may be targeted by ransomware that succeeds in bringing your systems down. Below are some tactics and tools you can use to restore your systems as fast as possible.

1. Don’t Pay the Ransom

Once a ransomware attack is successful, cybercriminals do not waste time asking for payments in order to get your data and computer systems back. Unfortunately, many end up paying their attackers. A good case study is last year’s Colonial Pipeline attack, when the company paid $5 million a day after the attack. Although the company paid the cybercriminals instantly, it took weeks before their systems were fully restored, and they did much of the work before receiving the decryption keys.

Therefore, as a veterinary practice, it is good practice to avoid paying cyber criminals because there is a high chance that, once payment is completed, decryption keys will not be handed to you. There is also a high chance that paying them only puts your practice at risk of future ransomware attacks.

2. Server the Ties

Upon noticing that you are under attack, it is important to isolate some sections of your network and computer systems that have not been affected. Isolation of wireless connections, wired connections, and additional network components that are connected directly to your network, including external storage and accounts linking your computer systems to backups.

If a ransomware attack is detected early enough, there is a high chance that you will be able to isolate it to only a few sections of your computer system. Therefore, when doing a full recovery of the system, most of your data and computer systems will be unaffected. This makes it easy to restore your systems.

3. Call the Experts

There is a high likelihood that you may not have the in-house resources to address the fallout from a ransomware attack. In such cases, your next best bet is to call in experts who can help you address the ransomware attack.

With experts, you will be guaranteed a quick response to the cyberattack and a likely system recovery. Calling an expert will not only deal with the decryption key issue, but they will also help with isolating uninfected devices and help curb the spread of ransomware.

4. Inform Law Enforcement

Although it is not a legal requirement in almost all states and there is no federal law that requires a report to be made after a ransomware attack, the best way to fight cybercriminals is by notifying law enforcement. Submitting a ransomware attack report to the FBI’s Internet Crime Complaint Center can help prevent future cyberattacks targeted at other veterinary practices.

5. Check Whether Your Data Was Exfiltrated

Veterinary practices deal with sensitive data such as clients’ addresses, and in some cases, banking details, and social security numbers for their staff. Therefore, it is important to ensure none of this data has been lost to cybercriminals.

The best way to check whether your data is still intact is throughout your firewall, which will show large data transfers to some unusual places. If your data has been exfiltrated, it is important to inform the parties affected in order to avoid further damage.

6. Restore Your System

The last step in your recovery plan should be the restoration of your computer systems. At this point, you should start by running antimalware/antivirus software and doing a full audit of your system to ensure it is ransomware free. For affected computers, there is a high chance you will need to clean them fully by erasing all infected files. In extreme cases, you will need to wipe out all of your storage devices and start afresh.

If you have backup data, then it is advisable to wipe out all of your storage and start afresh with a snapshot of your saved files and system. Doing this ensures that the ransomware is fully eradicated from your computer system while still guaranteeing your data will not be corrupted once a full restoration process is completed.

Need help protecting your hospital from Cyber Crime?

Download our FREE ebook “5 Simple Steps to Protect Your Hospital“. It contains simple low-cost solutions to protecting your hospital.

Clint Latham