Ransomware is a form of malware that encrypts the files on a computer so that you cannot use them. Those responsible then demand money to decrypt the files so that you can use them again.
User Actions for Suspected Ransomware
- Stay calm, take a deep breath.
- Disconnect your system from the network.
- Take pictures of your screen using your smartphone showing the things you noticed: ransom messages, encrypted files, system error messages, etc.
- Take notes about the problem(s) using the voice memo app on your smartphone or pen-and-paper. Every little bit helps! Document the following:
  - What did you notice?
  - Why did you think it was a problem?
  - What were you doing at the time you detected it?
  - When did it first occur, and how often since?
  - Where were you when it happened, and on what network? (office/home/shop, wired/wireless, with/without VPN, etc.)
  - What systems are you using? (operating system, hostname, etc.)
  - What account were you using?
  - What data do you typically access?
  - Who else have you contacted about this incident, and what did you tell them?
- Contact the help desk and be as helpful as possible.
- Be patient: the response may be disruptive, but you are protecting your team and the organization! Thank you.
For more information, see Stop Ransomware at CISA.