You are now in the main content area

What to Do in a Ransomware Breach

With your help, TMU can minimize online threats.

Despite our best efforts, ransomware breaches are real threats that can happen to anyone. Consider keeping TMU’s three-step breach protocol posted in your workspace so you can be prepared with a response any time.

TMU's 3-step ransomware response

Disconnect it.



Either unplug your computer network cable or disconnect your computer from WiFi. Doing so early can stop the ransomware from spreading further.

Take a screenshot of the entire screen in case you’re asked for it later. If you’re not sure how to do so, practice taking a screenshot now so you’ll be more likely to take the right actions, even if you’re in a panic situation.

Practice taking screenshots on a Windows 10 PC

Use your keyboard to hold down two keys at the same time: Windows Logo + PrtScn. Your screenshot will automatically save to the system’s Pictures folder, under Screenshots. Find more on the Microsoft Support page, external link.

Practice taking screenshots on a Mac

Use your keyboard to hold down three keys at the same time: Shift + Command + 3. Your screenshot will automatically save to your desktop. Find more on the Apple Support page, external link.

Restore the computer to a safe state with the help of computer repair experts and your data backups.

If you’re using a TMU-owned computer, please contact the Computing and Communications Services Help Desk for assistance at or 416-979-5000, ext. 556806.

Act quickly

  • It can take as little as 18 seconds to two minutes from the time you click a malicious link for a ransomware payment demand notification to show on your screen.
  • Acting quickly can prevent the ransomware from spreading too broadly in your computer system.
  • The more time that passes, the more files will be locked up by the ransomware.

Power on or off?

During a ransomware breach, you’ll want to keep some computing equipment on and others off.

Power on: Servers (but please isolate the server from any networks it’s connected to)

Power off: Desktop and laptop computers