Hit by ransomware? The seven stages of grief your customers will go through


How to help your customers deal with the fallout of a ransomware attack

Ransomware is one of the most prominent and prolific IT threats of recent years. Within hours of a device being affected, a company’s whole IT infrastructure can become paralysed, grinding the business slowly to a halt. When hit by such an attack, IT professionals and users alike experience a range of different feelings, from panic to confusion to dread – and beyond. As a reseller, you will have to help deal with the fallout of such an attack efficiently and effectively, and it is important to not let these feelings, while understandable, get in the way.

Let’s review the seven stages of ransomware grief that your customers will inevitably go through when falling victim to such an attack:


Many people will be right in the middle of working on an important document or catching up on emails when ransomware strikes. In a surreal sequence of events, their screen will go blank and they’ll be told: “your computer has been locked”. While not every single user might immediately understand the exact repercussions of a ransomware attack, most of them intuitively know that something very bad has happened. When all attempts at restarting the computer have failed, it will be time for them to come to terms with the shocking and unsettling truth: they’ve been attacked.


The denial phase can often start way ahead of an actual attack. No one ever expects to be the target of a cyber crime. With billions of devices out there, many people believe that the odds of them falling victim to an attack are incredibly slim. But ransomware is a very lucrative business for cybercriminals and, as such, is unlikely to be resolved anytime soon. Just recently, Gartner reported that ransomware attacks quadrupled over 2016, incurring approximately one billion US Dollars in damages. According to the FBI, of those organisations affected, 30 percent had at least one endpoint compromised. All it often takes is for one device to become infected, so ignoring a threat like ransomware will not make the problem go away.


Once your customers have come to terms with the new reality they now face, they are likely going to be angry for a while. Angry that their privacy has been violated, angry that their data is being held hostage and angry that their business is now at a standstill. They will, rightfully, be upset about the situation and you will have to be the voice of reason helping to ensure that their emotions aren’t clouding their judgement. It is important to stay calm, focused and positive during an attack. The focus should be on how to overcome, not succumb to, this situation.


Victims of a ransomware attack often face a dilemma if they want to regain control over their devices: they either pay up and hopefully get their data back, or they cut their losses and start again from scratch. Now, the more sensitive and business-critical the data in question is, the more likely your customers are to go for the first option. However, it is a topic of contention within the industry whether it is advisable to pay the ransom. While it might seem like the quickest way to take back control, there are no guarantees that the criminals will actually release the data.

According to a recent report on ransomware, of those companies that paid the ransom, 19 percent didn’t get their files back. Furthermore, the likelihood of the company experiencing further attacks is significantly increased, as the criminals now know there is money to be made here and they’ve found a path in previously. Instead of paying the ransom, advise your customers to invest in a solid strategy to bolster email security capabilities that detect and isolate harmful emails and phishing attempts. Additionally, make sure they pursue a long-term, holistic approach with employee training to help individuals identify and report malicious emails and links. Not only will this help customers overcome any attacks relatively quickly and unscathed, it also positions resellers as a knowledgeable expert and proactive problem solver that customers can turn to in times of need.


While it is essential to find out how a ransomware attack unfolded, it is important to stress to your customers not to assign blame internally. If their employees fear repercussions from reporting cyber attacks, they will be far less likely to alert their IT teams and subsequently come to you for help. You should advise your customers to create an open dialogue between them and their employees, that empowers them to speak up, no matter the circumstances. This will help them stay informed about all potential threats and breaches, and establish you as a trusted advisor.

Feeling Blue

Sad businessman

When ransomware occurs, it is crucial to lead by example and take on a solution-oriented approach and a positive attitude. During an attack, time will work against your customers so it is important that they lift their teams up, take action and solve the problem before any more harm can be done. The sooner the situation is diffused, the sooner your customers and their employees can breathe a sigh of relief and feel at ease again.


Your customers will need to accept that the threat of ransomware is out there and could come back at any time. However, that’s not to say they should just resign to their fate. They need to prepare for any future attacks as soon as possible to avoid losing valuable business hours to downtime or sensitive data being accessed by system intruders again.


Bojan Dusevic is senior director, product management at Intermedia

Read also :