When a ransomware attack is actively unfolding, every decision matters—and every minute counts. Systems may already be encrypted, sensitive data at risk of exfiltration, and business operations grinding to a halt, leaving leadership teams under intense pressure to act quickly and correctly. In these moments, organizations that follow a disciplined, proven response approach are far better positioned to contain damage, protect evidence, and accelerate recovery. Drawing from real-world incident response guidance, this article outlines ten critical actions businesses should take during an active ransomware attack to stabilize the situation, avoid costly missteps, and set the foundation for effective remediation and recovery.
1. Don’t Panic
To call an attack stressful is a major understatement, but it’s also no time to panic. Do your best to remain calm and rely on your preparations and team to proceed quickly and efficiently.
2. Let Your Incident Response Plan Be Your Guide
This plan is home to the critical information you and your IT team will need when you experience a security incident. Make sure this plan is updated frequently and tested at least annually so you don’t encounter any costly barriers to action. While this plan is certainly stored online, it’s wise to also have it printed out on paper so it’s accessible when your network is down or inaccessible.
3. Open Communication with Trusted Advisors
If you have a response and recovery partner like Agility, that should be your first call so that team can begin triage right away. Follow-up calls should include insurance brokers, your insurance claims team, legal counsel, etc.
4. Isolate Backups
Be sure your backups are offline or physically offsite to isolate them and prevent attackers from accessing them.
5. Disconnect Servers and Devices from Your Network
When an attacker is stealing data from your network in real-time, cutting off the internet and disconnecting devices from each other halts the hacker’s efforts.
6. Do Not Engage the Threat Actor
Attempting to decrypt ransomed data or negotiate with the threat actor on your own could result in costly mistakes and a greater ransom. Instead, contact response and recovery experts like Agility Recovery. Skilled negotiations can reduce your ransom payment by as much as 64%. Even better, up to 70% of businesses who utilize professional negotiation services report a zero-payout resolution to their incident.
7. Document What You Can with Screenshots, Photos, Etc.
Things to document include ransom notes/file extensions, reviewed logs, and software conveying the state of the environment.
8. Preserve Evidence
- Do not turn off devices
- Do not attempt to wipe, re-image, or restore from backup without consultation
- Failure to preserve evidence will prevent a complete investigation
9. Change Your Passwords
This includes:
- Administrator accounts and all cloud accounts
- VPN/Remote connectivity software
- Firewall
10. Identify Where Sensitive Information is Stored
Know the host name of this device, and review your backups for this information. Consult with your legal team before you inform employees, clients, etc., of the attack.
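For actions 7 and 8 above, one way to keep collected screenshots and photos verifiable is to hash them into a manifest as soon as they are gathered and re-check the hashes before handing them to investigators. This is an added example, not part of the original article or of Agility's tooling; the folder layout, file names and collector label are assumptions, and it is meant to run on the clean workstation where captures are stored, not on an affected device.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large captures are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(evidence_dir, collector):
    """Record path, size, mtime (UTC) and SHA-256 of every collected file."""
    entries = []
    for root, _dirs, files in os.walk(evidence_dir):
        for name in files:
            path = os.path.join(root, name)
            mtime = datetime.fromtimestamp(os.path.getmtime(path), timezone.utc)
            entries.append({
                "file": os.path.relpath(path, evidence_dir),
                "size": os.path.getsize(path),
                "modified_utc": mtime.isoformat(),
                "sha256": sha256_file(path),
            })
    return {"collector": collector,
            "created_utc": datetime.now(timezone.utc).isoformat(),
            "entries": sorted(entries, key=lambda e: e["file"])}

def verify_manifest(evidence_dir, manifest):
    """Return the files that are missing or whose hash no longer matches."""
    changed = []
    for entry in manifest["entries"]:
        path = os.path.join(evidence_dir, entry["file"])
        if not os.path.isfile(path) or sha256_file(path) != entry["sha256"]:
            changed.append(entry["file"])
    return changed

def demo():
    """Constructed sample: two stand-in captures, one altered after hashing."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("ransom_note_photo.txt", "desktop_screenshot.txt"):
            with open(os.path.join(d, name), "w") as fh:
                fh.write("constructed sample capture: " + name)
        manifest = build_manifest(d, collector="analyst-placeholder")
        before = verify_manifest(d, manifest)
        with open(os.path.join(d, "desktop_screenshot.txt"), "a") as fh:
            fh.write(" (edited)")
        return len(manifest["entries"]), before, verify_manifest(d, manifest)
```

Store the manifest separately from the evidence folder so that a change to one cannot silently be matched by a change to the other.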
- Immediate contact—Kizzie and the team are on it as soon as you call or email the hotline
- Verification of location and contact info to activate your recovery quickly
- Assistance with logistics for generators, ReadyOffice units, and mobile support
- Seamless coordination of billing estimates and cost approvals via DocuSign
- Consistent, empathetic support throughout the entire recovery lifecycle
Clients often call during moments of stress and uncertainty—Kizzie’s role is to bring clarity, confidence, and a steady hand through every phase of the recovery.
Watch now to learn how Kizzie and the Agility team ensure your organization gets back up and running—fast.
In this short video, Tech Services Manager, Jason Brinker, explains how Agility Recovery helps organizations protect critical data and maintain business continuity with Disaster Recovery as a Service (DRaaS). From custom PC imaging to cloud-based server backup and rapid data restoration, our DRaaS solutions are built to minimize downtime and safeguard your operations—especially in the event of a cyberattack or unexpected outage.
Avoid data loss, reduce downtime, and recover faster. Agility’s expert-managed DRaaS platform delivers:
- Advanced data backup and recovery tools
- Flexible, scalable cloud-based disaster recovery
- Long-term server and file retention
- Proven support for business continuity and compliance
Whether you’re recovering from a ransomware attack or planning for future disruptions, Agility gives your team the speed, confidence, and expert guidance to recover critical systems—fast.
Watch now to see how DRaaS from Agility keeps your business running, no matter what.
In this short video, Jason Brinker shares his role at Agility Recovery and how his deep technical expertise shapes our disaster recovery solutions. With nearly two decades of experience in communications and IT disaster recovery, Jason works directly with clients to design and implement recovery strategies that are highly technical—but always easy for customers to understand.
From coordinating complex system restorations to saying “yes” to custom technical requests, Jason’s goal is simple: deliver seamless, stress-free recoveries that work when your business needs them most.
What Jason Brings to Agility’s Recovery Services:
- Over 20 years of experience in disaster recovery and business continuity
- Hands-on leadership in building custom technical recovery plans
- Deep understanding of client needs across a range of industries
- A commitment to making complex technology simple and approachable
Whether you’re facing a disaster scenario or planning ahead, Jason and the Agility team are here to guide you with clarity, speed, and confidence.
Watch now to see how Jason and the Agility team make recovery possible.
When a business interruption strikes — whether from a cyberattack, power outage, or severe weather event — how prepared is your team to respond? One of the most effective ways to find out is by conducting a tabletop test exercise.
But not all tabletop tests are created equal.
Organizations typically choose between standard and advanced tabletop tests. While both help teams prepare for critical incidents, each offers a different level of complexity, depth, and organizational engagement. Understanding the difference is key to selecting the right approach for your team.
What Is a Tabletop Test?
A tabletop test is a facilitated, discussion-based exercise where team members walk through their emergency response plans in a simulated scenario. The goal is to identify gaps, clarify roles, and ensure that critical functions can be executed under stress — before a real-world event forces your hand.
- Speed: Automated tools can scan an entire network within minutes, detecting common vulnerabilities like misconfigurations or outdated software.
- Continuous Monitoring: Healthcare systems require constant vigilance. Automated testing can run regularly to provide real-time insights into new vulnerabilities as they emerge.
- Scalability: For large healthcare facilities with expansive IT infrastructures, automated testing efficiently assesses a wide range of systems and devices.
However, automated tools can sometimes miss nuanced or context-specific vulnerabilities. While they provide a strong baseline for ongoing monitoring, they may lack the human insight needed to identify sophisticated or emerging threats.
Guided Penetration Testing: Detailed & Strategic
Guided simulation penetration testing (also referred to as manual PTaaS) is conducted by cybersecurity experts who simulate real-world attack scenarios to uncover vulnerabilities that automated tools might miss. This approach excels in areas where:
- Human Expertise is Critical: Guided testing identifies complex vulnerabilities, such as logic flaws in custom applications or specific risks in medical devices.
- Targeted Analysis is Needed: For high-priority systems, such as electronic health records (EHRs) or connected medical devices, manual testing provides in-depth scrutiny.
- Compliance is Complex: Many healthcare facilities require detailed reporting to meet standards like HITRUST or HIPAA. Manual testers can tailor their evaluations to align with these frameworks.
The downside? Guided simulation penetration testing is time-intensive and often more expensive. It’s not practical to use exclusively, especially in fast-paced environments like healthcare.
Striking the Right Balance: A Hybrid Approach
For healthcare facilities, a combination of continuous and guided simulation penetration testing is often the best solution. Continuous testing ensures automated, “always-on” coverage, quickly identifying common vulnerabilities across large networks. Guided simulation testing complements this by providing a deeper, manual, and more nuanced evaluation of high-risk areas.
Here’s how healthcare facilities can integrate both approaches:
- Use automated testing to conduct regular scans of your entire IT environment.
- Deploy manual testing periodically for critical systems, such as EHR platforms or medical devices, where the stakes are highest.
- Leverage automated reporting to prioritize vulnerabilities and direct manual testers to areas of greatest concern.
This hybrid approach ensures that healthcare facilities stay ahead of evolving threats while maintaining compliance and protecting patient data.
Take Action Today
Cybersecurity in healthcare is non-negotiable. With the right balance of continuous and guided simulation penetration testing, you can protect your systems, secure patient data, and reduce the risk of cyberattacks. Contact Agility Recovery to learn how our Cyber Resilience and Threat Detection solutions can help safeguard your healthcare facility.
Tornado season in the U.S. typically runs from March through June, but destructive twisters can strike at any time of year — and they often arrive with little warning. For businesses, a single tornado can disrupt operations, damage critical infrastructure, and result in thousands (if not millions) of dollars in losses. Without a proactive plan, recovery becomes a race against time.
The Cost of Tornadoes to Businesses
Tornadoes are among the most violent and unpredictable weather events. In 2023 alone, the U.S. experienced over 1,150 confirmed tornadoes. According to the National Oceanic and Atmospheric Administration (NOAA):
- The average commercial tornado claim is $45,000–$100,000, depending on the industry and size of the business.
- Tornado-related damage in the U.S. caused over $1.6 billion in insured losses in 2022.
- Business downtime can range from days to weeks, with small and medium-sized businesses being the most vulnerable to permanent closure after a major disaster.
If you operate in Tornado Alley — or even on the fringe of high-risk zones — preparing ahead of time is essential.
5 Ways Businesses Should Prepare for Tornado Season
1. Assess Facility Vulnerability
Start with a walkthrough of your physical locations. Identify areas where your facility is most at risk — such as large glass windows, roof structures, or equipment stored outdoors. Consider retrofitting or reinforcing key areas, especially in tornado-prone zones.
2. Update Your Business Continuity Plan (BCP)
Your BCP should include specific steps for tornado response:
- Shelter-in-place protocols
- Emergency communication plans
- Remote work contingencies
- Vendor and supplier backups
Ensure all team members know their roles during a severe weather emergency.
3. Back Up Critical Systems
Tornadoes often result in power outages and damage to on-site IT infrastructure. Secure off-site or cloud-based data backup to preserve records, customer information, and operational systems. Agility Recovery offers secure data backup and recovery services to make sure you can bounce back quickly even if your servers go offline.
4. Establish Emergency Power Solutions
Power loss is a common side effect of tornadoes, and restoring power to your facility can take days. With Agility’s backup power solutions, including generator delivery and fuel replenishment, you can avoid costly downtime.
5. Conduct Tornado Tabletop Exercises
Running a tabletop test with your team helps you simulate a real-world tornado event — uncovering gaps in your plan before a storm ever hits. It also ensures that your leadership team, IT staff, and facility managers know how to act quickly and cohesively under pressure.
The Cost of Downtime
Unplanned downtime from tornado damage can devastate a business. According to FEMA and the U.S. Chamber of Commerce:
- 25% of businesses never reopen after a major disaster
- The average cost of IT downtime is approximately $5,600 per minute for mid-size businesses
- Even short-term closures can result in lost customer trust, missed SLAs, and long-term revenue impacts
How Agility Recovery Helps
Agility Recovery offers turnkey business continuity solutions that reduce your vulnerability to tornado-related disruptions. Our services include:
- Backup Power & Fuel Delivery – Keep critical systems running during outages
- Mobile Office & Workspace Recovery – Set up temporary operations fast if your facility is damaged
- Data Backup & IT Recovery – Minimize data loss and restore business systems quickly
- Satellite Connectivity – Maintain communication even if local infrastructure goes down
- Business Continuity Testing & Tabletop Exercises – Prepare your team with expert-led training
Next Steps for Tornado Season Readiness
- Schedule a Business Continuity Assessment with Agility to evaluate your tornado readiness.
- Run a Tabletop Exercise focused on a severe weather event.
- Ensure You Have a Generator Solution in place for emergency power.
- Review Your Data Backup Protocols with Agility’s cyber resilience experts.
Be Ready Before the Sirens Sound
You can’t prevent a tornado — but you can prevent it from shutting down your business. With the right plan, partners, and technology in place, you can weather the storm and keep your organization running.
In today’s digital age, no organization is immune to the threat of cyberattacks. Securing the right cyber insurance coverage is crucial to protecting your business from the financial and operational fallout of a data breach.
Our guide breaks down the complexities of cyber insurance, offering a step-by-step approach to understanding policy requirements, assessing your organization’s risk profile, and ensuring you have the coverage you need. Whether you’re new to cyber insurance or looking to optimize an existing policy, this resource is your key to making informed decisions.
In today’s digitally connected world, cyber threats are a constant and growing concern for businesses.
As organizations increasingly rely on technology for daily operations, they expose themselves to various cyber risks, from data breaches to ransomware attacks. Building cyber resilience means preparing for these inevitable threats by developing the capacity to detect, respond to, and recover from cyber incidents without significant disruption to operations. This guide provides businesses with actionable steps to enhance their cyber resilience, ensuring that they can maintain their operations, safeguard their data, and protect their reputation.
In sectors like healthcare, insurance, legal, and financial services, managing sensitive information comes with big responsibilities.
Cybersecurity isn’t just about protecting data—it’s about preserving trust and ensuring operational continuity. This checklist guides organizations through establishing robust cybersecurity practices that safeguard operations and comply with regulatory standards.
Banks and credit unions are entrusted with highly sensitive information, making them prime targets for cyberattacks.
The unique challenges faced by financial institutions require a tailored cybersecurity approach that not only addresses regulatory compliance but also ensures the safety and integrity of customer data. This checklist is designed to help banks and credit unions build a robust cybersecurity framework that protects both their operations and their customers.