What to Do in a Ransomware Breach

With your help, TMU can minimize online threats.

Despite our best efforts, ransomware breaches are real threats that can happen to anyone. Consider keeping TMU’s three-step breach protocol posted in your workspace so you can be prepared with a response any time.

TMU's 3-step ransomware response

Disconnect it.

Snap
it.

Restore
it.

Step 1: Disconnect it — from internet connection.

Either unplug your computer network cable or disconnect your computer from WiFi. Doing so early can stop the ransomware from spreading further.

Step 2: Snap it — a photo, that is.

Take a screenshot of the entire screen in case you’re asked for it later. If you’re not sure how to do so, practice taking a screenshot now so you’ll be more likely to take the right actions, even if you’re in a panic situation.

Practice taking screenshots on a Windows 10 PC

Use your keyboard to hold down two keys at the same time: Windows Logo + PrtScn. Your screenshot will automatically save to the system’s Pictures folder, under Screenshots. Find more on the Microsoft Support page (external link) .

Practice taking screenshots on a Mac

Use your keyboard to hold down three keys at the same time: Shift + Command + 3. Your screenshot will automatically save to your desktop. Find more on the Apple Support page (external link) .

Step 3: Restore it — to a safe state.

Restore the computer to a safe state with the help of computer repair experts and your data backups.

If you’re using a TMU-owned computer, please contact the Computing and Communications Services Help Desk for assistance at help@torontomu.ca or 416-979-5000, ext. 556806.

Act quickly

It can take as little as 18 seconds to two minutes from the time you select a malicious link for a ransomware payment demand notification to show on your screen.
Acting quickly can prevent the ransomware from spreading too broadly in your computer system.
The more time that passes, the more files will be locked up by the ransomware.