Ransomware attack

In a ransomware attack, you won't be able to access your device and the data stored on it because the files are encrypted.

Usually you're asked to contact the attacker via an anonymous email address or follow instructions on an anonymous web page, to make payment in a cryptocurrency. The attackers may also threaten to leak the data they steal.

• Immediately disconnect the infected computers, laptops or tablets from all network connections, whether wired, wireless or mobile phone based.
• In a very serious case, consider whether turning off your wifi, disabling any core network connections (including switches), and disconnecting from the internet might be necessary.
• Reset credentials including passwords, especially for administrator and other system accounts – but verify that you are not locking yourself out of systems needed for recovery.
• Safely wipe the infected devices and reinstall the operating system (OS).
• Before you restore from a backup, confirm that it is free from any malware. You should only restore from a backup if you are very confident that the backup and the device you're connecting it to are clean.
• Connect devices to a clean network in order to download, install and update the OS and all other software.
• Install, update, and run antivirus software.
• Reconnect to your network.
• Monitor network traffic and run antivirus scans to identify if any infection remains.

The NCSC and UK law enforcement do not encourage, endorse nor condone the payment of ransom demands. But know that if you do pay the ransom:

• there is no guarantee that you will get access to your data or computer
  
• your computer will still be infected
  
• you will be paying criminal groups
• you're more likely to be targeted in future

For this reason, it is important that you always have a recent offline backup of your most important files and data.