Think You've Been Hit by Ransomware? Do This First

A ransom note is on your screen. Your files have a strange new extension. Every minute you spend deciding what to do costs you — the encryption keeps spreading to anything still connected. Do not pay the ransom before calling us — 778-918-4136. We respond the same day.

What's Likely Causing This

Ransomware almost always gets in through one of these.

A phishing email that got clicked

Unpatched software with a known vulnerability

An exposed RDP (Remote Desktop) port reachable from the internet

No endpoint protection running on the affected device

Compromised credentials (stolen usernames and passwords) reused across multiple accounts

What We Do First

1

Disconnect the affected device(s) from the network immediately

2

Identify how far the encryption has already spread

3

Check whether clean, unencrypted backups exist anywhere

4

Walk you through your actual options before you make any payment decision

Surviving This Attack Doesn't Prevent the Next One

We can help you contain what's happening right now. But ransomware rarely sneaks in through some clever trick nobody could catch. It's usually the same gaps every time: one unpatched system, one exposed port, or one employee nobody trained to spot phishing. Our managed cybersecurity clients get those gaps closed before an attacker finds them.

Frequently Asked Questions

Should we pay the ransom?

We strongly advise against paying before getting an expert assessment. Paying doesn't guarantee you'll get a working decryption key (the code needed to unlock your files). It also doesn't remove the attacker's access to your network, and it may mark you as a target willing to pay again. We'll help you understand your actual recovery options first.

How do we know if the attacker still has access?

Locking up your files (encryption) is often the last step of an attack, not the first. The attacker may have been inside your network for days or weeks beforehand. We don't consider the threat contained until we've checked for backdoors (hidden ways back in) and new accounts the attacker may have created. We also look for other signs they could still get back in.

Will we have to notify clients or regulators about this?

If the attack affected client or personal data, Canadian privacy law (PIPEDA) likely requires you to notify the people affected. We'll help you understand exactly what happened. We'll also walk you through what that notification requirement means for you, as part of our response.

Call Before You Do Anything Else