- All employees should be instructed to immediately unplug the Ethernet network cable or disable Wi-Fi on the system if they suspect a ransomware infection has initiated. This will prevent the ransomware from spreading to other devices on the network or infecting backups that are stored on the network or in a cloud environment. Do not reconnect until the computer or device has been thoroughly scanned and cleaned.
- Alternatively, instruct employees to turn off the power or unplug the power cord from the system. Although doing so inhibits complete forensic analysis of the infected device, it stops the encryption process and may limit data loss.
- Employees should notify the appropriate information security contact within your organization as quickly as possible.
Learn more about Ransomware here.