Follow these steps to prevent further spread of ransomware on your system:
- Disconnect infected system(s) to prevent further spread of malware
- Call your technical support staff immediately so they can determine what variant of ransomware you may have and take appropriate next steps
If you don’t have technical support available or they are not versed in ransomware procedures please follow below:
- System administrator should temporarily revoke your system network access rights to all shares
- Determine how large the infection is
- Determine what strain of ransomware infected machine
- Based on your findings, take the next steps in restoring data
- Remove ransomware from your infected system
Hopefully you made backups of your data (if you didn’t it’s time to pay up and hope)
Restore Your Files From Backup
- Locate your backups
a. Ensure all files you need are there
b. Verify integrity of backups
c. Check for Shadow Copies if possible
d. Check for any previous versions of files that may be stored on cloud storage - Determine infection vector