9 steps to take if your IT systems are under attack

If your business or organisation’s IT system is infected with malware or ransomware, SoGlos shares some steps which could help save the day.

By Andrew Merrell  |  Published
As part of SoGlos’s CyberGlos series, we run through the steps to take if your business or organisation’s IT is subject to a malware or ransomware attack.

While the perpetual message to us all is to ensure our online systems are secure, it's almost inevitable that a breach will happen eventually – and knowing what to do when that happens could be crucial.

And who better to turn to for advice on what to do than the National Cyber Security Centre (NCSC)? It suggests following the tips below, which might just save your business or organisation.

Pull the plug

In the event of a cyber attack infecting your business or organisation with malware or ransomware, immediately disconnect the infected computers, laptops or tablets from all network connections, whether wired, wireless or mobile phone-based.

Disconnect from the internet

In a very serious case, consider whether turning off your WiFi, disabling any core network connections (including switches), and disconnecting from the internet might be necessary.

Reset your systems

Reset all your system credentials, including passwords (especially for administrators and any other system accounts). Remember to make sure you do not lock yourself out of systems that are needed for recovery!

Wipe all infected devices

Safely wipe the infected devices and reinstall the operating system (OS). This means that you should safely erase all data from your hard drive to render it unreadable. Ideally you should have a back-up system in place already.

Double check before you restore your systems

Assuming you carry out step three, above, and before you restore from a backup, verify that it is free from any malware. The NCSC points out you should only restore from a backup if you are confident both it and the device you are connecting it to are clean.

Only reconnect once you've made sure your network is ‘clean’

The same applies to any other devices. Only connect them to a ‘clean’ network in order to download, reinstall and update the OS and all other software.

Run antivirus software

Once all of the above is done, remember to install, update, and run antivirus software on all devices too.

Do not rush to reconnect

Only when you have carried out the steps above should you reconnect to your network. If you jump straight to ‘reconnect’, you risk reinfecting your systems and undoing all your hard work.

Remain vigilant

Even if you have meticulously carried out all of the above, make sure you monitor network traffic and run antivirus scans to identify if any infection remains. It's better to be safe than sorry.

The NCSC website carries plenty more advice on the subject in more detail, including its helpful document 'Technical Approaches to Uncovering and Remediating Malicious Activity'.
