The message on all the screens reads, “All your files are encrypted.”

The Pandemic has brought out some vile people out of the woodwork. From a phone scam designed to steal from your mom, a social app intent on stealing your children, to hackers stealing your business.

Your phone rings and you hear the words, “They got everything: servers, workstations, backups…and, for good measure, they extracted 2TB of data from our system and say they’ll post it on the web.” The whirlwind begins. There’s insurance, lawyers, consultants, investigators, negotiators. You decide to pay the ransom, get the decryption keys and the process runs anew, albeit painfully slower than you would have thought.

Attempting to reuse any part of your environment is a huge risk: The systems are still compromised, and the exploits used for the infiltration are still there. Consequently, you need a plan and resources to rebuild everything as quickly as possible. This includes sterile networks, fresh installs and data restoration as well as significant monitoring to ensure security holes are not left open.

The recovery will be a dynamic situation in regard to priorities, resources and roadblocks to navigate.

However, the following can facilitate a faster recovery:

  • Have up-to-date documentation in an offline location, including a password vault. Often, the system that contains your documentation is encrypted. The inability to access documentation slows down the recovery process, as resources become dependent on the one staff member who has the information memorized.
  • Shut down systems immediately upon recognizing that they’re being encrypted. The number of machines encrypted can be minimized with simple monitoring tools that recognize services going offline and responsive administrators who recognize the threat and make quick decisions to take them offline. This prevents the encryption process from propagating, which greatly decreases the time to recover business systems.
  • Have local copies of your backups. One of the most time-consuming components of recovery is moving a large volume of data. Cloud backups are great as a last resort, but the amount of time required to download and then restore is prohibitive. In many cases, this is a primary reason companies decide to pay the ransom, as restoring from cloud backups simply takes too long.
  • Have your contacts and critical information printed and accessible. Insurance contacts, policy numbers, lawyers, vendors and support contract information readily available minimizes chaos at the most critical times.

Contact your CPA at Ricci & Company for more information. © 2020

  • FB
  • Linkdin
  • Twitter

Ricci & Company, LLC
1030 18th Street NW, Albuquerque, NM 87104 -
505 338 0800 office

Ricci & Company, LLC is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent audit, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Visit for more information regarding RSM US LLP and RSM International.