In our most recent article, we discussed what precautions to take so your business does not become the next victim of ransomware.

However, you might not have been that lucky and are currently searching for the best actions to take in regards to decrypting the files that have been modified on your network.

We will be outlining the 5 keys steps to recovering from a Ransomware attack withing the business.

1: Call an expert.

Straight off the bat – get a 3rd party in to analyse the security attack. It’s an extra pair of hands and that’s exactly what your IT department/supplier need in this time of crisis.

Not only will the expert know what steps to take they’ll have been through the process a number of times, unlike the incumbent IT provider/staff.

The benefit to the business is having an outsider’s view of your security processes.

Call the experts, you can find a local expert in out IT Business Directory.

2: Don’t pay the ransom.

The ransomware will be asking for payment in bitcoins most commonly. We highly recommend that should you opt to pay the ransom that you seek professional advice since the process can be tricky (not least sourcing this number of bitcoins quickly).

Also, note that should you get a working decrypt tool it is unlikely they will recover 100% and in approximately 50% of Zepto cases there is a least one other ‘secondary encryption’.

3: Definitive list of decryption tools.

Here’s the current list of decryption tools available for free.

Last updated: 25/08/16

Apocalypse Decryptor  (Author AVG)

BadBlock Decryptor (Author AVG)

Crypt888 Decryptor (Author AVG)

Legion Decryptor (Author ABG)

SzfLocker Decryptor (Author AVG)

TeslaCrypt Decryptor (Author AVG)

Wildfire Decryptor (Author Kaspersky)

Shade Decryptor (Author Kaspersky)

Rakhnidecryptor (Author Kaspersky)

Rannoh Decryptor (Author Kaspersky)

Coin Vault Decryptor (Author Kaspersky)

Xoristdecryptor (Author Kaspersky)


You will also need to take steps from further outbreaks. Follow our ransomware protection steps listed here.


4: Information Security & client data.

Has any of your information been leaked?

What are the chances that encrypted data from the virus has left your network and is now in the hands of the ransomware attackers? Has there been a breach of data and should it be reported to the Information Commissioner’s office.

From a technical perspective that is up to your IT security expert to decide.

In regards to reporting the breach to the information commissioner’s office the best place to start is with this document which will guide you one what type of breaches should be reported:

ICO’s Data Breach Reporting PDF

5: Take Control

Once the dust has settled it’s worth taking a step back and looking at how this situation happened.

Take note of what the IT security vulnerabilities are within your business. Get all parties involved to have input on the reporting process.

Set goals within the report and how they will be achieved. Be honest and get the truth from all individuals – it’s essential.



We hope this article has given you the tools to ask the right questions and take the correct actions. If we can be of any assistance the please do not hesitate to call us today.