Ransomware Response Checklist

Last Updated August 2025 by Lacretta Incorvaia

Key Takeaways: What to do.

How to act fast when ransomware strikes to limit damage and data loss.
Your recovery options including what to do if you don’t have a backup.
Proactive steps to prevent ransomware from disrupting your business again.

Ransomware locks your files and demands payment to unlock them. Variants like CryptoLocker, Petya, and WannaCry are just the tip of the iceberg with new ones emerge all the time.

While the average ransom is around $4,300, the real cost often comes from downtime, which can hit $46,800 or more.

If you’re hit, here’s how to respond quickly and effectively:

Step 1. Shut down infected devices immediately

Stop the spread. Immediately disconnect infected devices from your network, turn off Wi-Fi and Bluetooth, and unplug any external drives.

Step 2. Determine the Strain and the Scope

Most ransomware tells you what it is. Knowing the strain helps you decide how to fight back. Then, assess how many devices were hit and what data was encrypted.

Next, determine how many devices were infected, as well as what kind of data was encrypted.

Step 3. Report the Incident

Notify your internal team and report the incident to the FBI or your local authorities. Reporting helps prevent future attacks and supports other victims.

Step 4. Evaluate Your Options

Got a backup? Restore from it. If not, you can try a 3rd-party decryption tool or pay the ransom (not recommended). Paying doesn’t guarantee recovery and can make you a repeat target.

Reach out to a tech expert for advice on your unique situation.

Step 5. Prevent Future Ransomware Attacks

Train your team to spot phishing and suspicious behavior
Use endpoint security and advanced threat protection
Create a business continuity plan to bounce back quickly if hit again

While business continuity may not be able to prevent ransomware from attacking, they can prevent it from succeeding.

Ransomware attacks are brutal, but with the right response, they don’t have to be devastating.

Stay alert, stay prepared.

When DIY IT Fails: Real Costs.

August 14, 2025

DIY IT might seem smart, but it can cost more than you think. Learn how expert IT support prevents downtime, protects growth, and boosts team productivity.

Is your IT provider really paying attention?

By Emelia Unknown • August 14, 2025

Think your IT provider has you covered? Pay attention. Learn why trust alone isn’t enough, and how a free cybersecurity assessment can reveal hidden vulnerabilities.

Get in touch