ISOLATE THE INFORMATION
Frequently Asked Questions
HOW WAS MY INFORMATION ENCRYPTED?
There are different ways in which these types of attacks can happen. The most common is through social engineering where, through various mechanisms, they manage to impersonate the identity of an employee and with it, credentials of the different systems. Similarly, there are technical methods such as RDP attacks, Phishing emails, Malware, vulnerabilities in different software, among others.
WHAT HAPPENS IF I PAY THE EXTORTION?
According to studies, only 8% of companies manage to recover all their information after paying the extortion. Apart from this, depending on the legislation of the country where the company is located, it may even be illegal to pay the ransom by sponsoring criminal groups. Our recommendation is never to pay, even not to contact cybercriminals as they could complicate the case to pressure them to pay.
HOW CAN I AVOID THE CASE GETTING COMPLICATED?
Initially it is recommended to disconnect compromised computers from the network immediately. Following this, it is recommended to immediately make backup copies of the computers that have not been affected and immediately change the passwords for all types of access and eliminate any strange user detected in the different systems. Following this, we recommend making an IP change with the internet provider and checking if there are backup copies with which to restore the affected systems.
HOW SHOULD I PROCEED TO RECOVER MY INFORMATION?
According to the regulations of the country where you are, it is important to review the laws as to whether or not you must notify the competent authorities about said attack. Once done, we suggest isolating the affected computers from the network and contacting us immediately to evaluate the case and help you with said recovery. We highly recommend not to contact, much less pay extortion to cyber criminals.