Immediate steps to take if ransomware is actively encrypting your files or you receive a ransom demand.
Ransomware encrypts your business files and demands payment in exchange for the decryption key. It's one of the most damaging cyber threats facing small businesses today. Speed and the right response make the difference between losing a day of work and losing everything.
Signs You're Experiencing a Ransomware Attack
- Files suddenly have a new, unfamiliar extension (e.g., .locked, .encrypted, .WNCRY).
- You can't open files that worked yesterday.
- A full-screen ransom note appears demanding cryptocurrency payment.
- Multiple colleagues suddenly can't access shared network drives.
Immediate Steps
- Call (925) 365-9811 right now. Do not submit a ticket — call immediately. This is the most time-sensitive action you can take.
- Disconnect affected devices from the network. Unplug ethernet cables and disable Wi-Fi on any computer showing signs of infection. Ransomware spreads to network shares and other devices.
- Do not turn off computers unless our team instructs you to. Memory evidence may be needed for forensics and recovery.
- Do not pay the ransom without guidance. Payment doesn't guarantee decryption, and it funds criminal organizations. Our team will assess recovery options first.
- Photograph any ransom notes with your phone — these help identify the ransomware family and find decryptors if available.
Recovery
Our incident response process begins with assessing what was encrypted, identifying the attack vector (how it got in), and recovering from backups where possible. Many ransomware families have free decryptors available at nomoreransom.org — we check this immediately. Recovery timelines depend on the scope of encryption and backup recency.
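The scope assessment described above can start with a metadata-only inventory of a folder or share. This is an added example, not part of the original page or the response team's tooling; the function name `assess_scope`, its parameters and the report keys are assumptions, and the extension list holds only the examples from the signs list above.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

# Example extensions from the signs list on this page (assumption: extend
# this set once the ransomware family has been identified).
SUSPECT_EXTS = {".locked", ".encrypted", ".wncry"}

def assess_scope(root, suspect_exts=SUSPECT_EXTS, backup_time=None):
    """Inventory suspect files under root using metadata only.

    Files are never opened or modified. backup_time, if given, must be a
    timezone-aware datetime of the last known-good backup.
    """
    exts = {e.lower() for e in suspect_exts}
    by_ext, dirs, earliest, total = Counter(), set(), None, 0
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            total += 1
            ext = os.path.splitext(name)[1].lower()  # .WNCRY matches .wncry
            if ext not in exts:
                continue
            by_ext[ext] += 1
            dirs.add(dirpath)
            try:
                mtime = os.lstat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or unreadable: counted, no timestamp
            earliest = mtime if earliest is None else min(earliest, mtime)
    # Earliest modification time is only a rough estimate of when encryption
    # began; timestamps can be altered, so treat it as a lead, not proof.
    first_seen = (datetime.fromtimestamp(earliest, tz=timezone.utc)
                  if earliest is not None else None)
    return {
        "files_scanned": total,
        "suspect_files": sum(by_ext.values()),
        "by_extension": dict(by_ext),
        "affected_dirs": sorted(dirs),
        "first_suspect_mtime": first_seen,
        "backup_predates_encryption": (
            None if backup_time is None or first_seen is None
            else backup_time < first_seen),
    }

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for key, value in assess_scope(target).items():
        print(f"{key}: {value}")
```

Run it from a clean machine against a mounted copy or share where possible, and compare `first_suspect_mtime` with backup timestamps to pick a restore point.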
Legal Obligations
Depending on your industry and the data involved, you may have a legal obligation to report the breach to regulators or notify affected customers. We'll connect you with guidance on this — but don't delay reporting to us while figuring out the legal piece. Our response happens in parallel.