How to Respond to a Ransomware Attack
Do not pay the ransom. Paying the ransom does not guarantee that you will get your data back, and it may encourage the attackers to target you again.
Disconnect your device from the internet and any other networks. This may prevent the ransomware from spreading to other devices or encrypting more data.
Contact law enforcement and report the incident. They may be able to help you recover your data or track down the attackers. You can find a list of law enforcement contacts for ransomware attacks on the CISA website.
Restore your data from backups. If you have backups of your important data, you may be able to restore them to a clean device. Make sure that your backups are not infected by the ransomware and that you scan them for malware before restoring them.
Use identity theft protection: If you are a victim of a ransomware attack, you may want to consider investing in identity theft protection. Identity theft protection companies can monitor personal information like your home title, Social Security number (SSN), phone number, and email address and alert you if it is being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses