LOGBOOK

HELP

Quiz Entry - updated: 2026.06.24

If you suspect ransomware is actively running, what should you do — and should you pay?

Hard-shut-down the machine immediately, clean it from a live system, restore from backup — and do not pay.

Immediate response:

  • Switch the computer off "hard" at once (to halt ongoing encryption)
  • Boot a live system (a clean rescue OS), then scan, clean, and re-secure the data from there
  • Report it — to the national cyber authority (e.g. NCSC) and your local police

Why not pay:

  • it funds and strengthens criminal infrastructure
  • there's no guarantee you'll receive a working key
  • it marks you as a payer — the next attack follows, with a higher demand

The real takeaway: the most important action happens before the incident — having a tested, offline backup. Everything during the incident is damage control.

Tip: Don't overwrite older backups during a panic restore — an earlier clean backup may be the only uninfected copy you have.

From Quiz: ISF / Awareness & the 5S Model | Updated: Jun 24, 2026