Help, I have become a victim of ransomware, now what?!
An employee within your organisation has received an e-mail with the message that his/her payslip is ready. The e-mail displays the following hyperlink: “Click here to view your payslip”. Your employee clicks on the link and is presented with a login screen. He/she tries to log in, but suddenly the system doesn't work properly anymore. The employee contacts the IT service desk.
The IT service desk employee sees a .txt file on the desktop called !KUPIDON_DECRYPT.TXT. It appears to be ransomware. After further investigation he sees that there are more files renamed with a file extension “.kupidon”. Ten minutes later, the phone starts ringing more frequently and the IT service desk gets the same message from more employees. An hour later, all information systems and servers appear to have been hit with the Kupidon ransomware.
The file !KUPIDON_DECRYPT.TXT describes the demand for the company to pay $60,000 in Bitcoins to decrypt the files. This is the so-called ransom letter containing the ransom demand. The company now has to make an important consideration: do they want to pay the attacker $60,000 in Bitcoins or do they want to risk shutting down the company for several days and potentially losing valuable files? The board also wonders if any data was captured. This is a very tricky situation where calling in the police or an outside party can provide the right help. The police focuses on tracking down the perpetrators, while private investigators help mitigate the damage. They guide an affected company through this crisis situation. Making the wrong choices can lead to very serious financial damage or even bankruptcy.
Although paying the criminals is not the preferred outcome, it often does turn out that way in practice. The loss that a company incurs by being shut down for a few days or even weeks is often greater than the amount of money requested. If the choice is made to pay the amount, it is important that the process is as smooth as possible. Here are some tips for when your organisation is unexpectedly hit by ransomware:
- Do not panic.
- Immediately contact experts who are experienced and know how to proceed.
- Then trust the external party.
- If you opt for payment, let the (crypto) specialists guide you through this.
- Ask the specialists to help you get back online in a ‘healthy’ way again.
- Always report the crime!
The situation described above can be tremendously stressful. DataExpert is ready to unburden you and support you in this process. For more information, please contact us.