Ransomware Warning, is your data safe?
1. Isolate infected systems or networks to limit the impact. The priority should be containing the attack, but try to preserve evidence by leaving affected systems turned on.
2. Determine the scope of the attack. Understand what systems and what kind of data are affected, and prioritize recovery of critical systems.
3. Communicate with management, your legal team, cyber-insurance providers, and security vendors.
4. Consider seeking expert assistance from vendors or other third parties familiar with ransomware recovery.
5. Try to preserve evidence from the attack if possible.
6. Identify the ransomware being used. This may help discover whether decryption is available, and it will inform the specifics of containment and cleanup.
7. Identify systems and accounts used in the initial breach, and any precursor malware or persistence mechanisms left by the attackers if possible.
8. Use known good system images and backups to restore critical systems. Take care to segregate clean systems from infected systems.
9. Reset and change passwords, patch and upgrade software, and add any additional security checks necessary to prevent a recurrence of the attack.
10. Use what you have learned from this attack to better prepare for the next one.
11. Get a copy of Tron, a free software tool that runs a number of anti-virus and system recovery programs.
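
For step 2 (determining the scope), one way to gauge which directories hold encrypted files is to sample each file's byte entropy and count the near-random files per directory. This is an added example, not part of the original checklist; the entropy threshold, sample size, minimum size and magic-byte list are assumptions to tune on known-good data.

```python
import math
import os
from collections import Counter

# Headers of formats that are high-entropy by design (assumed list, extend it).
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"\x89PNG", b"\xff\xd8\xff",
                    b"7z\xbc\xaf", b"%PDF")
ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off
SAMPLE_BYTES = 64 * 1024  # only the head of each file is read
MIN_BYTES = 1024          # smaller samples give an unreliable estimate


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def looks_encrypted(head: bytes) -> bool:
    """True if the sample is near-random and lacks a known compressed header."""
    if len(head) < MIN_BYTES:
        return False
    if head.startswith(COMPRESSED_MAGIC):
        return False
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def scan(root: str) -> dict:
    """Walk root, opening files for reading only; return {directory: [suspect names]}."""
    suspects = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
            if looks_encrypted(head):
                suspects.setdefault(dirpath, []).append(name)
    return suspects


if __name__ == "__main__":
    import sys
    for directory, names in sorted(scan(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(f"{len(names):6d} suspect file(s) in {directory}")
```

Run it against a mounted copy or a share rather than the live system where possible, and treat the counts as a triage signal: formats missing from the magic-byte list will show up as false positives.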