I’m Being Held For Ransom.. Now What?

Maybe an employee clicked on a bad link. Maybe a manager downloaded a PDF from someone they thought they could trust. Whatever the case may be, your files are now encrypted and a hacker is demanding millions in payment for your information.

So what are you supposed to do now?

Contact Authorities

The first thing to do when you discover an attack is to contact law enforcement, as well as your current IT professionals.


Remove the infected computer from the network it’s currently on. Make sure to turn off Wi-Fi and Bluetooth, and unplug any external hard drives or USB drives. Do not touch any files or antivirus software, just leave those for now.

Extent of the Issue

You’ll need to know how much of your IT infrastructure was affected. Check for signs of encryption for any of the following, if the original computer had access to this information:

  • Shared drives or folders
  • Network storage
  • External hard drives
  • Thumb drives
  • Cloud storage (Google Drive, DropBox, etc)

Consider the Strain

Different types of ransomware can be costlier, or have different payment systems (ex. Bitcoin) than others. Having more information on which version of ransomware you’ve come into contact with may aid in resolving the issue sooner.

Respond Accordingly

Once you know what you’re up against, you have four options.

  • Restore your files from a backup
  • Decrypt your files via a 3rd party decryptor, which is unlikely to work
  • Do nothing and lose your data
  • Negotiate or try and pay the ransom

For a full brief and a detailed description of what you can do to prepare and recover from one of these attacks, download the “Ransomware Hostage Rescue Manual” below.

0 comments on “I’m Being Held For Ransom.. Now What?

Leave a Reply

Your email address will not be published. Required fields are marked *