Section I -- Contact Info

Organization Name:
Organization Affiliation:
Type of Organization:
IT Provider Name:
IT Provider Phone:
IT Provider Ext:
IT Provider Email:
Section II -- Indicators of Compromise
Date of ransomware incident discovery:
Ransomware variant name:
Encrypted file extension:
Dollar amount of ransom:
Coin wallet to transfer money:
Payment portal or URL:
Attacker's Email:
Source of compromise:
Section III -- Impact
Number of Servers Impacted:
Number of Workstation impacted:
Number of other devices impacted:
Critical business resources impacted:
Were back ups affected?:
Section IV -- Response
Final incident resolution:
How were decryption keys delivered:
Incident response & remediation company:
Do you have any computer artifacts from the attack?: (ex. PCAP, Forensic image, malware decryptor, malware, screenshots, logs, reports) If available please contact us at to send the following artifacts.
Have you contained the infection?(If you have a CJIS/GSN connection ):
If the infection is not under control, consult with NJSP Information Security Unit at 609-882-2000 ext. 2701 and and NJ Office of Information Technology at 1-800-622-4357 to determine if the CJIS and/or GSN connections should be temporarily disconnected to protect State resources until the infection is contained.
Do you acknowledge and consent that all information provided may be shared and distributed to US and NJ government partner. Partners include but not limited to FBI, DHS, NJ State Police.