A Ransomware infection is a common and harmful form of Malware. However, if you do get a notice onscreen, do not panic, and follow the steps below:

Disconnect

The first step is to go offline. We want to disable any connectivity to the internet so the Ransomware cannot communicate with its command and control servers. For a Desktop computer, remove the network cable and for Laptops either disable Wi-Fi or switch off the router. Also, if you catch the Ransomware while it is still encrypting files, you might prevent any corruption of Google Drive and other online storage accounts.

Ransom Note

Most Ransomware pops up a ransom note with instructions on how to proceed with payment. Take a picture so you have a copy of the screen for your use and when you file a police report.

Antivirus

Use an Antivirus to remove the Ransomware from your machine. However, if you do plan on paying the ransom, then avoid this step and proceed with the payment. Please note that cleaning the ransomware will not decrypt your files and might make it impossible to recover unless you have backups.

Ransomware

You can also figure out which Ransomware using tools available online. The online tools want you to upload encrypted files for analysis to determine the type of Ransomware. A lot of popular Ransomware decryption keys are available, and you might be able to recover your files. If the decrypter for your version of the Malware is not available, it might be at some point in the future, so it is worth keeping the encrypted files.