Logic: Preservation over Restoration. Actions in the first 60 minutes determine your legal and forensic defense.
1. Sever Network Links (Isolate): Physically unplug Ethernet or disable Wi-Fi. This kills the attacker's Command & Control (C2) link but keeps the system state intact.
2. Maintain Power (Do Not Reboot): Modern malware often lives only in RAM; cutting power wipes the evidence needed to determine entry points.
3. Capture Visual Metadata: Use a phone to photograph ransom notes or errors. Do not use the infected machine's screenshot tools.
4. Out-of-Band (OOB) Comms: Assume business email is compromised. Shift incident chat to a personal or secondary unlinked platform.
5. Trigger Financial Fraud Alerts: Place a "Hard Freeze" on all business accounts immediately. Digital breaches are often decoys for wire fraud.
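One way to make the first-hour record hold up later is a hash-chained action log kept on a clean device, never on the infected machine. This is an added example, not part of the original checklist; the function names, host name, times and photo bytes are constructed assumptions.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # "prev" value for the first entry


def digest(body):
    # Canonical JSON so the same entry always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def add_entry(log, action, note, evidence=None, when=None):
    """Append one first-hour action; each entry commits to the one before it."""
    body = {
        "utc": (when or datetime.now(timezone.utc)).isoformat(),
        "action": action,
        "note": note,
        # Hash of a phone photo copied to the clean machine, if there is one.
        "evidence_sha256": hashlib.sha256(evidence).hexdigest() if evidence else None,
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    log.append({**body, "hash": digest(body)})
    return log[-1]


def verify(log):
    """Return the index of the first entry that fails the chain, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or digest(body) != entry["hash"]:
            return i
        prev = entry["hash"]
    return -1


def sample_log():
    """Constructed sample: host name, times and photo bytes are made up."""
    t = lambda m: datetime(2024, 1, 1, 9, m, tzinfo=timezone.utc)
    log = []
    add_entry(log, "isolate", "Ethernet unplugged on FIN-01, power left on", when=t(2))
    add_entry(log, "photo", "Ransom note on screen", evidence=b"constructed-jpeg-bytes", when=t(5))
    add_entry(log, "oob-comms", "Incident chat moved off business email", when=t(9))
    add_entry(log, "bank", "Hard freeze requested on business accounts", when=t(14))
    return log


if __name__ == "__main__":
    print(json.dumps(sample_log(), indent=2), verify(sample_log()))
```

Editing any earlier entry changes its hash and breaks every later "prev" link, so `verify` points at the first altered record.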
Global Jurisdiction Reporting
If you have fallen victim to ransomware, use the directory below to find the official reporting mechanism for your country. Reporting varies by region; if an online option is not listed, you are advised to lodge a complaint at your local police station.