Ransomware response: first 30 minutes

You suspect or see ransomware. Walk through this in order, and in 20 minutes you have a file for your insurer and the AP.

Free interactive guide. No registration, no email. At the end you get a printable action list to share with your IR partner or Vectel.

Step 1

Mid-incident? Stop reading, start isolating.

Do these steps in this order. No decisions until the infected machine is off the network.

  • Do not power off: a hard shutdown destroys forensic evidence and RAM-resident keys.
  • Do not log in from a second machine: lateral movement is exactly what the actor wants.
  • Do not pay, do not negotiate, and do not send external mail from a possibly compromised mailbox yet.

Stuck, or broader than one workstation?

We take over the heavy phases: forensics, recovery, AP notification file, and insurer reporting. You don't have to handle it solo.