Responding to a ransom demand
You may receive a warning message, or “ransom note”.
A ransom note tells the user of the infected device that data on the device has been compromised, encrypted or locked, or stolen. Ransom notes often demand money for your files to be released.
You may also get a direct communication demanding a ransom.
Take a picture of any messages (using another device). This can be useful evidence to identify attackers and the type of ransomware used.
Make sure you consider all alternatives to payment. The Department for Education and UK law enforcement do not support paying ransom demands.
Paying a ransom
Paying a ransom does not guarantee that you will get access to your data or computer. Your computer may still be infected and you may be more likely to be targeted again.
If you can, consult with an expert like:
- the RPA if you are a member
- insurers
- service providers
- the NCSC
- law enforcement and/or cyber incident response (CIR) companies who have expertise in handling ransomware incidents