If we get hit by ransomware, what actually happens next? Would we have to pay?
Here is the sequence when it goes right. Detection (increasingly by security software rather than a ransom note) triggers isolation: affected machines come off the network fast to stop the spread, which is why minutes matter and why 24/7 monitoring earns its keep. Then assessment: what was encrypted, what was exfiltrated, how the attacker got in, and, critically, the state of the backups. Then recovery: rebuild or wipe affected systems, restore data from backup, close the entry hole, and rotate credentials. With good preparation, a business can be substantially operational in days, sometimes hours, and the incident is an expensive nuisance rather than an existential event.
The pay-or-not question is mostly decided before the attack. If clean, immutable backups exist (copies ransomware could not reach or alter), paying buys you nothing; you restore and move on. Without them, the options are all bad: pay criminals for a decryption tool that works imperfectly or not at all, marks you as a payer, and may be legally complicated (some payments to sanctioned groups are prohibited), or lose the data. Law enforcement and insurers uniformly push against paying, and the businesses that pay are overwhelmingly the ones that had no other card to play. Modern attacks also steal data before encrypting it, so payment does not undo the breach side either.
There is also process around the event: cyber insurance carriers want immediate notification and often direct the response; breach notification laws may apply if personal data was taken; and evidence should be preserved. The takeaway to act on today is unglamorous: the entire difference between the bad version and the manageable version of this story is preparation (immutable tested backups, EDR, MFA, monitoring, and a response plan that exists before the morning it is needed).
Want a straight answer about your setup?
Asheville Computer Company is a local managed IT provider based in Arden, minutes from most of Asheville.
Call (828) 290-9092 or visit ashevillecomputercompany.com for a free, no-pressure consultation.