FAQ

The specialists answer to you

FAQ : #what to do

Feel free to contact us to ask some questions or share a comment.

The first few hours are crucial to limit the extent of the damage. Here's the emergency procedure:

  1. Isolate infected machines — immediately disconnect from the network (Ethernet cable and Wi-Fi) to stop lateral propagation
  2. Do not restart systems — some encryption keys remain in RAM and can be extracted while the system is running
  3. Preserve traces — do not modify any system files; these elements are essential for forensic analysis
  4. Identify the ransomware — upload an encrypted file to ID Ransomware (id-ransomware.malwarehunterteam.com) to identify the family
  5. Evaluate your backups — check if your offline or cloud backups are intact
  6. Contact a specialist — an incident response expert can intervene in less than 2 hours

#ransomware emergency #what to do #first steps #isolate network

The PLUS of SOS Data Recovery

  • Swiss leader of Data recovery

  • Extranet Follow-up

  • Security copy of the device

  • Secure offices

  • Data encryption on request

  • Storage in a safe

  • Monitoring of the parcels

  • Over 20 years of experience

  • Confidentiality