If preventative measures fail, an organization should take the following steps immediately after learning of a ransomware infection.
- Isolate affected systems.
- Secure backups.
- Disable maintenance tasks.
- Create backups of the infected systems.
- Quarantine the malware.
- Identify and investigate patient zero.
