{"id":12738,"date":"2025-10-20T11:08:27","date_gmt":"2025-10-20T10:08:27","guid":{"rendered":"https:\/\/mspglobal.com\/blog\/?p=12738"},"modified":"2025-10-21T14:13:39","modified_gmt":"2025-10-21T13:13:39","slug":"how-to-survive-a-ransomware-attack","status":"publish","type":"post","link":"https:\/\/mspglobal.com\/blog\/how-to-survive-a-ransomware-attack\/","title":{"rendered":"How to survive and recover after a ransomware attack, by SITC&#8217;s Paul Meyers"},"content":{"rendered":"\n<p>When a ransomware attack strikes, every second counts. Few know this better than Paul Meyers, Managing Director of Stock In The Channel, a leading B2B ecommerce platform serving IT resellers and MSPs around the world. After a ransomware attack hit the company, Stock In The Channel was back online within just 24 hours\u2014a turnaround that many organisations can only dream of.<\/p>\n\n\n\n<p>In this candid account, Paul shares how the attack unfolded, the critical decisions that enabled such a rapid recovery, and the lessons MSPs and IT leaders can take away to prepare for their own \u201cworst day.\u201d<\/p>\n\n\n\n<p>Catch Paul at MSP GLOBAL this week\u2014scroll down for the when and where.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Ransomeware attacks: what MSPs need to have in place\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/jBNeXK9fgOU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size cfs-article-heading\" id=\"h-how-it-unfolded\" style=\"font-style:normal;font-weight:600;line-height:1.3\">How it unfolded<\/h2>\n\n\n\n<p>August 11<sup>th<\/sup>, in the evening\u2014a date I won\u2019t forget in a hurry. We run a business with customers in Australia and the US, so we\u2019re on 24 hours. Around 10:00pm, we started getting reports from our customers in Australia that stuff wasn&#8217;t working or loading properly. That\u2019s when we started investigating.<\/p>\n\n\n\n<p>It got worse. By about midnight, everything went offline. We didn&#8217;t know what it was at the time. So we thought there&#8217;s nothing else we can do: we just have to get to the data center and see the actual machines and what&#8217;s happening. When we got there and we fired up one of the machines, there was a ransom note from Akira Ransomware. My heart sank seeing that.<\/p>\n\n\n\n<p>It was a horrific moment. We&#8217;d been expecting it because so many other companies had experienced it. We knew that we were a target, but seeing it is a horrific experience.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size cfs-article-heading\" id=\"h-assessing-the-damage\" style=\"font-style:normal;font-weight:600;line-height:1.3\">Assessing the damage<\/h2>\n\n\n\n<p>The way that the ransomware actors work is they cut off access to the system. So we were increasingly blind.<\/p>\n\n\n\n<p>The first thing we did was to look to see if the attack was still ongoing. We realized that the attackers were still active on our network. The first thing we did was shut off all the affected machines because they were working to encrypt all the data to then exfiltrate it. Shutting everything down gave us some breathing space to decide what to do. Then we tentatively started looking at turning on machines and assessing the extent of the damage.<\/p>\n\n\n\n<p>I think that&#8217;s when it can be easy to be tempted to rush into things instead of taking a step back. Is everything affected? Is everything encrypted or is it only partial and what can be salvaged and what can&#8217;t? We spent a lot of time going through and auditing the extent of the damage before taking any action.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size cfs-article-heading\" id=\"h-back-ups-and-back-online-in-24-hours\" style=\"font-style:normal;font-weight:600;line-height:1.3\">Back-ups and back online in 24 hours<\/h2>\n\n\n\n<p>At the end of the day the best way that anybody can respond to a ransomware attack comes down to whether they have copies of the data that they can recover. If not, you&#8217;re into having to negotiate with the ransomware actors.<\/p>\n\n\n\n<p>For us, we had off-site backups, so we knew that we had all our critical data sorted and we were able to start getting it back.<\/p>\n\n\n\n<p>We have a great team, and once we realized what had happened, we had several guys who worked for 24 hours.<\/p>\n\n\n\n<p>I was first on the scene, saying, \u2018We can handle this. It&#8217;s not good. But we&#8217;ve got this,\u2019 when inside, I&#8217;m thinking, \u2018This is terrible!\u2019 I spent all day at the data center just getting coffees for the guys and bringing them sandwiches and just encouraging them, because they were heroes.<\/p>\n\n\n\n<p>They worked and worked until it was back online and didn&#8217;t stop\u2014the hackers had completely compromised our system. Well over half our servers had been encrypted, so there was a huge amount of damage, and even the ones that weren&#8217;t encrypted had still been damaged and compromised.<\/p>\n\n\n\n<p>We had done our disaster recovery practice, but until you see whether the backup and restore works, there&#8217;s that stress.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size cfs-article-heading\" id=\"h-the-importance-of-incident-response-plans\" style=\"font-style:normal;font-weight:600;line-height:1.3\">The importance of incident response plans<\/h2>\n\n\n\n<p>We&#8217;d thought about our incident response plan, and we&#8217;d discussed it internally, and made sure that our structure was good, that we were backed up and that we would be able to recover. But it wasn&#8217;t formalized enough. There were bits that were missing, that could have been done quicker, bits that we lost and information that we could have had to hand that we didn&#8217;t have. There were certainly learnings from it of how it could be done better.<\/p>\n\n\n\n<p>Formalizing everything is the big thing, but also make sure you have your backup plan sorted. Make sure that your backup is offsite because the hackers will log in and the first thing they&#8217;ll do is delete or format your backup drives, which is what they did to us. So format your main backup.<\/p>\n\n\n\n<p>Make sure that you&#8217;ve got a variety of your crucial data stored in different places so that it\u2019s not accessible and hackers aren&#8217;t going to be able to find it all, even if they get control over your main network.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size cfs-article-heading\" id=\"h-cybersecurity-in-house-vs-outsourcing\" style=\"font-style:normal;font-weight:600;line-height:1.3\">Cybersecurity: in-house vs. outsourcing<\/h2>\n\n\n\n<p>We have our cybersecurity and network people in-house. In the last three or four years, we&#8217;ve decided that cybersecurity is so crucial that we need to have it as part of our core competencies. It&#8217;s too important.<\/p>\n\n\n\n<p>After the attack, we had an external forensics agency come in and validate that our response and processes had been correct\u2014we have some very big customers and they have their own cybersecurity teams and their own due diligence to do, so we had to do a lot of proving that yes, we were hacked, but it wasn&#8217;t through our negligence, and that the way that we responded to the attack was appropriate.<\/p>\n\n\n\n<p>If you\u2019re outsourcing cybersecurity, they must really understand the business. A cybersecurity company will do pen testing and say, \u201cHave you got Cyber Essentials, are you ISO 27001 compliant?\u201d But that won&#8217;t save you. They&#8217;ve got to be thinking how your business works and not just \u2018yes, you&#8217;ve got the latest patches on your servers, yes, you&#8217;re following all the things\u2019. That&#8217;s not enough.<\/p>\n\n\n\n<p>We had all the latest patches. We follow all the best advice for security best practice, but they still got in. There are two sides to it: the cybersecurity, trying to stop people getting in; but then assuming they&#8217;ve got in despite your best efforts, and what happens next.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size cfs-article-heading\" id=\"h-backing-up-the-build\" style=\"font-style:normal;font-weight:600;line-height:1.3\">Backing up the build<\/h2>\n\n\n\n<p>The hackers had done a very thorough job corrupting everything. So we had to rebuild everything from scratch: reinstall operating systems, recover the data and recommission all the servers, and put everything together.<\/p>\n\n\n\n<p>One of the things we could have done better was that while we backed up all our critical data, we hadn&#8217;t backed up a lot of the configuration files. So we spent a lot of time having to recreate from scratch all the configuration that wires everything together. We&#8217;ve now made sure that we&#8217;ve got extra bits around our core data and that it\u2019s also backed up.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Why every MSP needs an incident response plan\u2014in writing\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/Ac2LB03VDkQ?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size cfs-article-heading\" id=\"h-what-to-say-to-clients-and-when\" style=\"font-style:normal;font-weight:600;line-height:1.3\">What to say to clients\u2014and when<\/h2>\n\n\n\n<p>Once we\u2019d discovered the attack, there was a temptation to give too much information. We kept it generic: there&#8217;s a problem. It&#8217;s a cyberattack. We&#8217;re working on it. We didn&#8217;t give timescales. We had some customers asking for a detailed blow-by-blow, but we didn&#8217;t give that because it would have been counterproductive. During the first few hours, the situation was fluid and changing: what we said at 10:00am could have been different by 11:00am. Once we had an idea, then we said more.<\/p>\n\n\n\n<p>I think it&#8217;s important to admit what&#8217;s happened. Being cyber-attacked is not a matter of shame. It&#8217;s an attack by sophisticated criminals. We framed it as that. The following day when we were back online, we were much more forthcoming in terms of what had happened, and we shared the information. Our customers appreciated that transparency.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size cfs-article-heading\" id=\"h-you-didn-t-fail-it-s-inevitable\" style=\"font-style:normal;font-weight:600;line-height:1.3\">You didn\u2019t fail\u2014it\u2019s inevitable<\/h2>\n\n\n\n<p>From the meetings I had with all the big companies and their cybersecurity teams, people were genuinely very sympathetic because they saw that as, \u201cIt&#8217;s me next, isn&#8217;t it?\u201d So I think that there is a general acceptance that this is something that is happening, and it doesn&#8217;t reflect badly on companies. There are a lot of extremely sophisticated and highly motivated people who are constantly trying to find vulnerabilities in systems, and you just have to accept that that&#8217;s the way things are now.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size cfs-article-heading\" id=\"h-my-advice-plan-and-back-up\" style=\"font-style:normal;font-weight:600;line-height:1.3\">My advice? Plan and back up<\/h2>\n\n\n\n<p>I would say to an MSP: assume it&#8217;s going to happen. Plan for the worst, get an incident response plan together, and make sure that you have multiple offsite backups. If you&#8217;ve got that, you&#8217;ll survive it.<\/p>\n\n\n\n<p><em>Catch Paul along with a stellar line-up of panelists for<\/em><a href=\"https:\/\/www.mspglobal.com\/agenda\/#\/talk?id=11440\" target=\"_blank\" rel=\"noreferrer noopener\"><em> Surviving Your Worst Day: Incident Responses That Worked<\/em><\/a><em> at the Elevator Stage, Thursday October 23<sup>rd<\/sup>, 2:10pm-2:40pm.<\/em><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When a ransomware attack strikes, every second counts. Few know this better than Paul Meyers, Managing Director of Stock In The Channel, a leading B2B ecommerce platform serving IT resellers and MSPs around the world. After a ransomware attack hit the company, Stock In The Channel was back online within just 24 hours\u2014a turnaround that [&hellip;]<\/p>\n","protected":false},"author":31,"featured_media":12742,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"mark_post_sync":false,"footnotes":""},"categories":[1512],"tags":[],"class_list":["post-12738","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-opinion"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.2 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>How to survive and recover after a ransomware attack, by SITC&#039;s Paul Meyers<\/title>\n<meta name=\"description\" content=\"SITC\u2019s Paul Meyers recounts his company&#039;s struggle during and after a ransomware attack and gives us a valuable guide on how to recover in 24h or less.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/mspglobal.com\/blog\/how-to-survive-a-ransomware-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to survive and recover after a ransomware attack, by SITC&#039;s Paul Meyers\" \/>\n<meta property=\"og:description\" content=\"How to survive and recover after a ransomware attack, by SITC&#039;s Paul Meyers\" \/>\n<meta property=\"og:url\" content=\"https:\/\/mspglobal.com\/blog\/how-to-survive-a-ransomware-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"MSP GLOBAL BLOG\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/profile.php?id=100089083200946\" \/>\n<meta property=\"article:published_time\" content=\"2025-10-20T10:08:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-21T13:13:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mspglobal.com\/blog\/wp-content\/uploads\/iStock-2219223500.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2121\" \/>\n\t<meta property=\"og:image:height\" content=\"1414\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Francesca Cotton\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@MSPglobalevent\" \/>\n<meta name=\"twitter:site\" content=\"@MSPglobalevent\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Francesca Cotton\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/how-to-survive-a-ransomware-attack\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/how-to-survive-a-ransomware-attack\\\/\"},\"author\":{\"name\":\"Francesca Cotton\",\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/#\\\/schema\\\/person\\\/93fec8f66d570471e04e31ae8b5c3b96\"},\"headline\":\"How to survive and recover after a ransomware attack, by SITC&#8217;s Paul Meyers\",\"datePublished\":\"2025-10-20T10:08:27+00:00\",\"dateModified\":\"2025-10-21T13:13:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/how-to-survive-a-ransomware-attack\\\/\"},\"wordCount\":1540,\"publisher\":{\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/how-to-survive-a-ransomware-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/wp-content\\\/uploads\\\/iStock-2219223500.jpg\",\"articleSection\":[\"Opinion\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/how-to-survive-a-ransomware-attack\\\/\",\"url\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/how-to-survive-a-ransomware-attack\\\/\",\"name\":\"How to survive and recover after a ransomware attack, by SITC's Paul Meyers\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/how-to-survive-a-ransomware-attack\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/how-to-survive-a-ransomware-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/wp-content\\\/uploads\\\/iStock-2219223500.jpg\",\"datePublished\":\"2025-10-20T10:08:27+00:00\",\"dateModified\":\"2025-10-21T13:13:39+00:00\",\"description\":\"SITC\u2019s Paul Meyers recounts his company's struggle during and after a ransomware attack and gives us a valuable guide on how to recover in 24h or less.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/how-to-survive-a-ransomware-attack\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/mspglobal.com\\\/blog\\\/how-to-survive-a-ransomware-attack\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/how-to-survive-a-ransomware-attack\\\/#primaryimage\",\"url\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/wp-content\\\/uploads\\\/iStock-2219223500.jpg\",\"contentUrl\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/wp-content\\\/uploads\\\/iStock-2219223500.jpg\",\"width\":2121,\"height\":1414,\"caption\":\"A cheerful man in a mask celebrates success by opening a safe on a numeric code\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/how-to-survive-a-ransomware-attack\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Opinion\",\"item\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/category\\\/opinion\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"How to survive and recover after a ransomware attack, by SITC&#8217;s Paul Meyers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/\",\"name\":\"MSP INSIGHTS - The MSP GLOBAL Blog\",\"description\":\"The latest news for MSPs and Tech Experts.\",\"publisher\":{\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/#organization\",\"name\":\"MSP GLOBAL\",\"url\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/wp-content\\\/uploads\\\/MSP-GLOBAL-BLOG.svg\",\"contentUrl\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/wp-content\\\/uploads\\\/MSP-GLOBAL-BLOG.svg\",\"width\":536,\"height\":63,\"caption\":\"MSP GLOBAL\"},\"image\":{\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/profile.php?id=100089083200946\",\"https:\\\/\\\/x.com\\\/MSPglobalevent\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/mspglobalevent\\\/\",\"https:\\\/\\\/www.instagram.com\\\/mspglobalevent\\\/\"],\"ownershipFundingInfo\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/imprint\\\/\",\"actionableFeedbackPolicy\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/imprint\\\/\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/#\\\/schema\\\/person\\\/93fec8f66d570471e04e31ae8b5c3b96\",\"name\":\"Francesca Cotton\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/wp-content\\\/uploads\\\/cropped-fran-cotton-scaled-2-96x96.jpg\",\"url\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/wp-content\\\/uploads\\\/cropped-fran-cotton-scaled-2-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/wp-content\\\/uploads\\\/cropped-fran-cotton-scaled-2-96x96.jpg\",\"caption\":\"Francesca Cotton\"},\"description\":\"Francesca is an experienced copywriter, copy editor and journalist with a background in B2B content across the finance, food and technology sectors, as well as in luxury ecommerce and consumer publishing. As part of the Cloudfest and MSP Global writing team, Francesca uses her journalism background to get to the heart of industry trends and stories to deliver insightful and compelling content and commentaries.\",\"url\":\"https:\\\/\\\/mspglobal.com\\\/blog\\\/author\\\/francesca-cotton\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How to survive and recover after a ransomware attack, by SITC's Paul Meyers","description":"SITC\u2019s Paul Meyers recounts his company's struggle during and after a ransomware attack and gives us a valuable guide on how to recover in 24h or less.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/mspglobal.com\/blog\/how-to-survive-a-ransomware-attack\/","og_locale":"en_US","og_type":"article","og_title":"How to survive and recover after a ransomware attack, by SITC's Paul Meyers","og_description":"How to survive and recover after a ransomware attack, by SITC's Paul Meyers","og_url":"https:\/\/mspglobal.com\/blog\/how-to-survive-a-ransomware-attack\/","og_site_name":"MSP GLOBAL BLOG","article_publisher":"https:\/\/www.facebook.com\/profile.php?id=100089083200946","article_published_time":"2025-10-20T10:08:27+00:00","article_modified_time":"2025-10-21T13:13:39+00:00","og_image":[{"width":2121,"height":1414,"url":"https:\/\/mspglobal.com\/blog\/wp-content\/uploads\/iStock-2219223500.jpg","type":"image\/jpeg"}],"author":"Francesca Cotton","twitter_card":"summary_large_image","twitter_creator":"@MSPglobalevent","twitter_site":"@MSPglobalevent","twitter_misc":{"Written by":"Francesca Cotton","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/mspglobal.com\/blog\/how-to-survive-a-ransomware-attack\/#article","isPartOf":{"@id":"https:\/\/mspglobal.com\/blog\/how-to-survive-a-ransomware-attack\/"},"author":{"name":"Francesca Cotton","@id":"https:\/\/mspglobal.com\/blog\/#\/schema\/person\/93fec8f66d570471e04e31ae8b5c3b96"},"headline":"How to survive and recover after a ransomware attack, by SITC&#8217;s Paul Meyers","datePublished":"2025-10-20T10:08:27+00:00","dateModified":"2025-10-21T13:13:39+00:00","mainEntityOfPage":{"@id":"https:\/\/mspglobal.com\/blog\/how-to-survive-a-ransomware-attack\/"},"wordCount":1540,"publisher":{"@id":"https:\/\/mspglobal.com\/blog\/#organization"},"image":{"@id":"https:\/\/mspglobal.com\/blog\/how-to-survive-a-ransomware-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/mspglobal.com\/blog\/wp-content\/uploads\/iStock-2219223500.jpg","articleSection":["Opinion"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/mspglobal.com\/blog\/how-to-survive-a-ransomware-attack\/","url":"https:\/\/mspglobal.com\/blog\/how-to-survive-a-ransomware-attack\/","name":"How to survive and recover after a ransomware attack, by SITC's Paul Meyers","isPartOf":{"@id":"https:\/\/mspglobal.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/mspglobal.com\/blog\/how-to-survive-a-ransomware-attack\/#primaryimage"},"image":{"@id":"https:\/\/mspglobal.com\/blog\/how-to-survive-a-ransomware-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/mspglobal.com\/blog\/wp-content\/uploads\/iStock-2219223500.jpg","datePublished":"2025-10-20T10:08:27+00:00","dateModified":"2025-10-21T13:13:39+00:00","description":"SITC\u2019s Paul Meyers recounts his company's struggle during and after a ransomware attack and gives us a valuable guide on how to recover in 24h or less.","breadcrumb":{"@id":"https:\/\/mspglobal.com\/blog\/how-to-survive-a-ransomware-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/mspglobal.com\/blog\/how-to-survive-a-ransomware-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mspglobal.com\/blog\/how-to-survive-a-ransomware-attack\/#primaryimage","url":"https:\/\/mspglobal.com\/blog\/wp-content\/uploads\/iStock-2219223500.jpg","contentUrl":"https:\/\/mspglobal.com\/blog\/wp-content\/uploads\/iStock-2219223500.jpg","width":2121,"height":1414,"caption":"A cheerful man in a mask celebrates success by opening a safe on a numeric code"},{"@type":"BreadcrumbList","@id":"https:\/\/mspglobal.com\/blog\/how-to-survive-a-ransomware-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/mspglobal.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Opinion","item":"https:\/\/mspglobal.com\/blog\/category\/opinion\/"},{"@type":"ListItem","position":3,"name":"How to survive and recover after a ransomware attack, by SITC&#8217;s Paul Meyers"}]},{"@type":"WebSite","@id":"https:\/\/mspglobal.com\/blog\/#website","url":"https:\/\/mspglobal.com\/blog\/","name":"MSP INSIGHTS - The MSP GLOBAL Blog","description":"The latest news for MSPs and Tech Experts.","publisher":{"@id":"https:\/\/mspglobal.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/mspglobal.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/mspglobal.com\/blog\/#organization","name":"MSP GLOBAL","url":"https:\/\/mspglobal.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mspglobal.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/mspglobal.com\/blog\/wp-content\/uploads\/MSP-GLOBAL-BLOG.svg","contentUrl":"https:\/\/mspglobal.com\/blog\/wp-content\/uploads\/MSP-GLOBAL-BLOG.svg","width":536,"height":63,"caption":"MSP GLOBAL"},"image":{"@id":"https:\/\/mspglobal.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/profile.php?id=100089083200946","https:\/\/x.com\/MSPglobalevent","https:\/\/www.linkedin.com\/company\/mspglobalevent\/","https:\/\/www.instagram.com\/mspglobalevent\/"],"ownershipFundingInfo":"https:\/\/mspglobal.com\/blog\/imprint\/","actionableFeedbackPolicy":"https:\/\/mspglobal.com\/blog\/imprint\/"},{"@type":"Person","@id":"https:\/\/mspglobal.com\/blog\/#\/schema\/person\/93fec8f66d570471e04e31ae8b5c3b96","name":"Francesca Cotton","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mspglobal.com\/blog\/wp-content\/uploads\/cropped-fran-cotton-scaled-2-96x96.jpg","url":"https:\/\/mspglobal.com\/blog\/wp-content\/uploads\/cropped-fran-cotton-scaled-2-96x96.jpg","contentUrl":"https:\/\/mspglobal.com\/blog\/wp-content\/uploads\/cropped-fran-cotton-scaled-2-96x96.jpg","caption":"Francesca Cotton"},"description":"Francesca is an experienced copywriter, copy editor and journalist with a background in B2B content across the finance, food and technology sectors, as well as in luxury ecommerce and consumer publishing. As part of the Cloudfest and MSP Global writing team, Francesca uses her journalism background to get to the heart of industry trends and stories to deliver insightful and compelling content and commentaries.","url":"https:\/\/mspglobal.com\/blog\/author\/francesca-cotton\/"}]}},"_links":{"self":[{"href":"https:\/\/mspglobal.com\/blog\/wp-json\/wp\/v2\/posts\/12738","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mspglobal.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mspglobal.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mspglobal.com\/blog\/wp-json\/wp\/v2\/users\/31"}],"replies":[{"embeddable":true,"href":"https:\/\/mspglobal.com\/blog\/wp-json\/wp\/v2\/comments?post=12738"}],"version-history":[{"count":6,"href":"https:\/\/mspglobal.com\/blog\/wp-json\/wp\/v2\/posts\/12738\/revisions"}],"predecessor-version":[{"id":12752,"href":"https:\/\/mspglobal.com\/blog\/wp-json\/wp\/v2\/posts\/12738\/revisions\/12752"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mspglobal.com\/blog\/wp-json\/wp\/v2\/media\/12742"}],"wp:attachment":[{"href":"https:\/\/mspglobal.com\/blog\/wp-json\/wp\/v2\/media?parent=12738"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mspglobal.com\/blog\/wp-json\/wp\/v2\/categories?post=12738"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mspglobal.com\/blog\/wp-json\/wp\/v2\/tags?post=12738"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}