Security Incident Guide

Ransomware recovery guide

Ransomware attacks can disrupt operations and threaten business data. Knowing the right steps during the first hours of an incident can significantly reduce damage and recovery time.

Incident Response · Backup Recovery · Security Hardening
Recovery Step

1. Disconnect Affected Systems Immediately

  • Disconnect infected computers from the network.
  • Disable Wi-Fi or unplug network cables.
  • Prevent the ransomware from spreading to additional devices.
  • Do not power off servers unless advised by an incident responder.

2. Preserve Evidence

  • Do not delete encrypted files or ransom notes.
  • Take screenshots of ransom messages.
  • Document affected systems and timestamps.
  • Preserve logs if available.

3. Contact Incident Response

  • Notify your IT provider or incident response team immediately.
  • Avoid communicating with attackers without professional guidance.
  • Assess the scope of the compromise and which systems are affected.
  • Determine whether sensitive data was accessed.

4. Evaluate Backup Recovery

  • Identify unaffected backups.
  • Confirm backups are not compromised.
  • Test restoration in an isolated environment.
  • Prioritize restoring critical systems first.

5. Reset Credentials

  • Reset administrator passwords.
  • Enable or enforce MFA.
  • Review privileged accounts.
  • Audit suspicious logins.

6. Harden Security After Recovery

  • Patch vulnerabilities that enabled the attack.
  • Review remote access exposure.
  • Improve email phishing protections.
  • Deploy endpoint protection and monitoring.
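Step 4 asks you to confirm a backup is not compromised before restoring from it. The check below is an added example, not part of this guide or OpenTech's own tooling: it assumes the backup job wrote a SHA-256 manifest at backup time and kept it on separate, write-protected storage, and it uses a byte-entropy test to tell a file an encryptor overwrote apart from one that was merely edited. The files and manifest are constructed sample data.

```python
import hashlib
import math
from collections import Counter
# Constructed sample (not real backups): files as they were when the backup ran.
ORIGINALS = {
    "finance/ledger.csv": b"date,amount\n2024-01-02,100\n" * 20,
    "finance/notes.txt": b"quarterly review notes\n" * 10,
    "hr/payroll.db": b"SQLite format 3\x00" + b"A" * 400,
    "hr/contracts.pdf": b"%PDF-1.4 constructed placeholder\n",
}
# Manifest the backup job wrote at that time and stored off-system.
MANIFEST_TEXT = "# sha256  path\n" + "\n".join(
    f"{hashlib.sha256(d).hexdigest()}  {p}" for p, d in ORIGINALS.items())
# The same set as found after the incident: ledger intact, notes edited,
# payroll overwritten with uniform random-looking bytes, contracts deleted.
FOUND = {
    "finance/ledger.csv": ORIGINALS["finance/ledger.csv"],
    "finance/notes.txt": b"quarterly review notes\n" * 9 + b"edited\n",
    "hr/payroll.db": bytes(range(256)) * 4,  # entropy 8.0 bits/byte
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: encrypted data nears 8.0, text and most documents stay below."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def parse_manifest(text: str) -> dict:
    """Parse 'sha256  relative/path' lines into {path: digest}; '#' lines are comments."""
    manifest = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            digest, path = line.split(None, 1)
            manifest[path.strip()] = digest.lower()
    return manifest

def verify_backup(files: dict, manifest: dict) -> dict:
    """Classify each manifest entry as ok / missing / modified / likely_encrypted."""
    results = {}
    for path, expected in manifest.items():
        data = files.get(path)  # in real use, read from the backup media
        if data is None:
            results[path] = "missing"
        elif hashlib.sha256(data).hexdigest() == expected:
            results[path] = "ok"
        elif shannon_entropy(data) > 7.5:
            results[path] = "likely_encrypted"
        else:
            results[path] = "modified"
    return results

def safe_to_restore(results: dict) -> bool:
    # Restore only when every manifest entry verified intact.
    return bool(results) and all(s == "ok" for s in results.values())
```

Run the check against a copy of the backup mounted read-only in the isolated test environment, so a bad set is rejected before it touches production.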
Emergency Support

Experiencing a ransomware incident?

Rapid response is critical during a ransomware attack. OpenTech can help contain threats, restore systems from backup, and guide your organization through recovery and remediation.

  • Ransomware containment
  • Forensic analysis
  • Backup restoration
  • Security remediation
  • Post-incident hardening