What to do if Your Site Falls Victim to Ransomware


Cyberattacks have been on the rise for some time. Cybercriminals have become increasingly sophisticated, finding more and more clever ways to breach the security of both individuals and businesses. When a business suffers a ransomware attack, especially on their website, it can devastate the company and paralyze its operations. While the threat will always exist, a few practices can help reduce the risk of infection. If a site still falls victim to a ransomware attack, knowing how to recover quickly can mean the difference between getting back to business as usual or going bust.

Understanding Ransomware Attacks

Notoriously difficult to prevent, and always evolving, ransomware attacks will likely be an ever-present concern for companies on the web. Unfortunately, all too many companies adopt a reactive approach to site hacking, only responding to problems once they have occurred. While having a recovery plan can be important, the first line of defense should be prevention.

Understand that no measure will completely eliminate or prevent all threat of cyberattack. If a hacker wants to take down a site badly enough (and has a sufficient degree of skill and knowledge) he or she will find a way to do it. Thus, a layered defense, with multiple measures intended to hamper access to a site’s secured areas, provides the best prevention. This includes:

  • Using antivirus and security software

Ensure that your site runs some form of security software and keeps it up to date. This software should detect malware, abusive login attempts, and other attempts to exploit soft points in your site’s security and provide countermeasures. A program that regularly patches site software can also prove invaluable to a strong site defense.

  • Create security policies for employees

Anybody with secured access to your website should know and follow basic security procedures. These might include avoiding clicking on links in emails from unknown senders, opening attachments in emails or comments posted on a site, or installing questionable software (like plugins) created by unknown or poorly reviewed authors. A surprising number of attacks become possible simply by obtaining user credentials directly from a site’s employee through a phishing campaign, so strong education and email policies can be key.

  • Limit access

Another wise buffer against attack, limiting access can hinder many intrusions. The more people with access to administrative areas of a site, the greater the risk of one providing access for a hacker. Although the grant of access will most likely be unintentional, motives matter little once the damage occurs. After all, if a hacker gains credentials for someone with limited access through a phishing attack, they may be able to create a little mischief but should have a harder time taking down the entire site.

What to do After an Attack

As noted, no security measure can provide absolute security against a cyberattack. Thus, should your site fall victim, knowing how best to recover quickly will be critical. Ideally, you will want to restore normal operations without being forced to comply with a ransom demand. But, doing so will require planning and preparation.

  • Frequent Data Backups

Regular data backups can prove invaluable after a ransomware attack. You should ensure your site backs up frequently to a location outside the server. A number of services exist to do just that, including many CDNs, cloud storage services, etc. Having the backup outside the infected server will reduce the risk of further corruption. However, scan the backups before reinstalling to ensure the infection did not occur before the creation of the backup copy.

  • Contact the Authorities

Many forms of cyberattacks carry criminal penalties in the United States. As a result, following an attack, you should contact law enforcement to report the incident. They may have access to powerful resources to help investigate the source of the intrusion, recommend ways to prevent future attacks, and track down the parties responsible.

Law enforcement may need to warn others (including the public) about the attack and how it occurred. This might include your own customers or other businesses similarly affected by an attack. Cooperating can help keep you and your company out of legal trouble for failing to report a situation that led to another’s loss or injury.

  • Never Pay the Ransom

This point may be hard for some to accept. Though you may feel strongly tempted to pay the ransom to regain control of your website, do not do it. Hackers using ransomware do so to make money. Paying them only encourages them to continue performing these types of attacks. Instead, contact your hosting company, regain control of your servers, restore your site from your backups, and harden your security against future intrusions.

Choose a Hosting Company That Takes Your Site’s Security Seriously

InMotion Hosting partners with several security providers in an effort to reduce the risk of cyberattacks to our customers. We provide features such as auto-updates, hack protection, custom firewalls, DDoS protection and more in an effort to keep your site safe. Similarly, InMotion Hosting offers software solutions (such as Sucuri and Patchman) that customers may elect to use to further enhance their protection.

If you want to experience secure, fast, and reliable web hosting services at some of the industry’s most affordable prices, you want InMotion Hosting. Click here to learn more about our product offerings.

Was this article helpful? Join the conversation!