Ransomware Response Kit

Credits & Thank-Yous

I would like to thank Lawrence Abrams of BleepingComputer and Cody Johnston and Nathan Scott from EasySync for their insights, hard work, and feedback on this kit. This kit is a compilation of guides and various resources relating to dealing with ransomware. I am not the original author of any of these resources and I am not claiming to be. Much of the work that is contained in this kit is by the members of the BleepingComputer forums and other individuals. I am merely providing a central repository for this information. I will do my best to keep in contact with those individuals who are on the forefront of malware analysis related to ransomware and keep this page updated. Thank you!

I have compiled this kit for use by security professionals and system administrators alike, in order to help streamline the process of responding to ransomware infections.

Some of the information in this kit is obsolete due to the rapidly evolving nature of ransomware. I will do my best to keep it up to date with the help of the malware community at large.


You should never pay the ransom. This will only reinforce this type of attack. According to most security intelligence reports, criminal enterprises are already making large profits from ransomware.

In case of infection:

  • Remove the impacted system from the network.
  • Attempt to identify which variant of ransomware you are infected with.
  • Before removing the threat, create a copy of it if possible for later analysis, which may be needed for decryption of files.
  • If possible, use restore points or backups to return to a safe state after removing the threat.
  • If you have identified the variant of ransomware and a decrypter tool is available for it in this kit, you can attempt to utilize it.
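
For the step of copying the threat before removing it, one way to preserve a sample together with its hash and a collection record. This is an added example, not part of the original kit; the function name preserve_sample, the .sample extension and the manifest.jsonl file are assumptions chosen for illustration.

```python
import hashlib
import json
import shutil
import stat
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def preserve_sample(sample: Path, evidence_dir: Path) -> dict:
    """Copy a suspect file into evidence_dir without running it; return its record."""
    evidence_dir.mkdir(parents=True, exist_ok=True)
    sha256 = hashlib.sha256()
    with sample.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            sha256.update(chunk)
    digest = sha256.hexdigest()
    # Store under the hash with an inert extension so it cannot be launched by accident.
    dest = evidence_dir / f"{digest}.sample"
    if not dest.exists():
        shutil.copyfile(sample, dest)  # copies contents only, not permission bits
        dest.chmod(stat.S_IRUSR)       # read-only for the collecting user
    # Confirm the stored copy is byte-identical before the original is removed.
    if hashlib.sha256(dest.read_bytes()).hexdigest() != digest:
        raise IOError(f"stored copy of {sample} does not match the original")
    st = sample.stat()
    record = {
        "original_path": str(sample),
        "stored_as": dest.name,
        "sha256": digest,
        "size": st.st_size,
        "modified_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
        "collected_utc": datetime.now(timezone.utc).isoformat(),
    }
    # Append-only log: one JSON record per collection, for later analysis.
    with (evidence_dir / "manifest.jsonl").open("a", encoding="utf-8") as log:
        log.write(json.dumps(record) + "\n")
    return record


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in file; harmless bytes, not a real sample.
        fake = Path(tmp) / "invoice.exe"
        fake.write_bytes(b"constructed stand-in bytes, not malware")
        print(preserve_sample(fake, Path(tmp) / "evidence"))
```

Write the evidence directory to removable or otherwise offline media rather than to the infected system's own disk, and keep the recorded SHA-256 with the sample when handing it to an analyst.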