What To Do When Ransomware Strikes?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
1. Disconnect from the Network: First of all, the stricken device should be disconnected from the network as quickly as possible in order to prevent any further spread of the ransomware attack.
2. Identify the Ransomware: Investigation should be done to identify the strain of ransomware and its origin.
3. Backup the Data: Backup of data should be done prior to any recovery efforts in case the attempt to decrypt fails or is not possible due to insufficient information.
4. Notify Law Enforcement: The incident should be reported to law enforcement authorities if necessary.
5. Seek Professional Help: Help from a professional IT security expert to recover from the attack should be sought.
6. Restore from Backups: Once the ransomware is identified, the data can be restored from backups, if available.
7. Remove Infected Devices/Software: All infected devices, applications, and software must be removed and replaced with clean copies.
8. Use Offline Recovery Methods: If unsuccessful with all other recovery attempts, offline methods may work.