What to Do in a Ransomware Breach
Despite our best efforts, ransomware breaches are real threats that can happen to anyone. Consider keeping TMU’s three-step breach protocol posted in your workspace so you can be prepared with a response any time.
TMU's 3-step ransomware response
Either unplug your computer network cable or disconnect your computer from WiFi. Doing so early can stop the ransomware from spreading further.
Take a screenshot of the entire screen in case you’re asked for it later. If you’re not sure how to do so, practice taking a screenshot now so you’ll be more likely to take the right actions, even if you’re in a panic situation.
Practice taking screenshots on a Windows 10 PC
Use your keyboard to hold down two keys at the same time: Windows Logo + PrtScn. Your screenshot will automatically save to the system’s Pictures folder, under Screenshots. Find more on the Microsoft Support page, external link.
Practice taking screenshots on a Mac
Use your keyboard to hold down three keys at the same time: Shift + Command + 3. Your screenshot will automatically save to your desktop. Find more on the Apple Support page, external link.
Restore the computer to a safe state with the help of computer repair experts and your data backups.
If you’re using a TMU-owned computer, please contact the Computing and Communications Services Help Desk for assistance at firstname.lastname@example.org or 416-979-5000, ext. 556806.
- It can take as little as 18 seconds to two minutes from the time you click a malicious link for a ransomware payment demand notification to show on your screen.
- Acting quickly can prevent the ransomware from spreading too broadly in your computer system.
- The more time that passes, the more files will be locked up by the ransomware.
Power on or off?
During a ransomware breach, you’ll want to keep some computing equipment on and others off.
Power on: Servers (but please isolate the server from any networks it’s connected to)
Power off: Desktop and laptop computers