Ransomware or Cyberattack

Your files are encrypted, you're seeing ransom demands, or you suspect a breach. Don't pay anything. Don't delete anything. Call us — we have experience helping businesses recover from this.

Call Now: (587) 318-0019

✓Do This Right Now

Disconnect the affected computers from the network IMMEDIATELY

Unplug ethernet cables and disable WiFi. Ransomware spreads to other computers through the network. Every second connected risks more encrypted files.

Do NOT shut down infected computers

Some ransomware encryption keys are stored in memory. Shutting down destroys them and can make recovery impossible. Leave computers on but disconnected.

Take photos of the ransom screen

Photograph the ransom message with your phone. The ransom note often identifies the ransomware strain, which tells us if decryption tools exist.

Call us immediately

Reach our cybersecurity team at (587) 318-0019. We'll start incident response remotely and guide you through containment steps.

Notify your leadership team

Ransomware may trigger legal obligations (PIPEDA breach notification). Leadership needs to know early so legal and insurance can be engaged.

✗Don't Do This

DO NOT PAY THE RANSOM. Paying doesn't guarantee you'll get your files back. It funds criminal organizations and marks you as a target for repeat attacks.

Don't try to decrypt files yourself using random tools from the internet. You can permanently corrupt files or trigger additional malware.

Don't delete the ransomware or run antivirus yet. Forensic evidence on the infected machine helps identify the strain and find decryption options.

Don't restore from backup before the network is secured. Restoring into an environment where the attacker still has access means they'll encrypt you again.

Don't communicate about the attack on company email if that system may be compromised. Use personal phones or a separate channel.

How We Help

Contain the attack

We isolate affected systems, identify the ransomware strain, and stop it from spreading. This is the most time-critical step.

Assess the damage

We determine what's encrypted, what's intact, and whether backups are clean. We check for data exfiltration (data theft) which is increasingly common alongside encryption.

Explore recovery options

Many ransomware strains have free decryption tools available. We check against databases of known decryptors. If decryption isn't possible, we recover from backups.

Restore operations

We rebuild from clean backups in a secured environment. Critical systems come back first — email, then file servers, then everything else.

Secure against re-attack

We identify how the attacker got in (usually phishing or exposed RDP) and close those doors. We implement monitoring to detect future attempts early.

Frequently Asked Questions

Should we pay the ransom?

No. The RCMP, FBI, and every cybersecurity agency recommends against paying. According to cybersecurity industry reports, a significant percentage of businesses that pay never fully recover their data, and paying marks you for repeat targeting. In many cases, we can recover data from backups or find free decryption tools.

How did we get ransomware?

The most common entry points: phishing email with a malicious attachment (the most common entry point), exposed Remote Desktop Protocol (RDP) with weak passwords, unpatched software vulnerabilities, and compromised third-party vendor access. We identify the specific entry point during our investigation.

Are we legally required to report this?

Under PIPEDA, if the breach creates a "real risk of significant harm" to individuals, you must report it to the Office of the Privacy Commissioner of Canada and notify affected individuals. Alberta's PIPA has similar requirements. We help you assess notification obligations and work with your legal team.

Will cyber insurance cover this?

Most cyber insurance policies cover ransomware incidents, including incident response costs, business interruption, and data recovery. Notify your insurer immediately — many policies require notification within 24-48 hours. They may also provide their own incident response resources that complement ours.

How long does ransomware recovery take?

It depends on the scope. If backups are clean and recent, critical systems can be restored in 24-48 hours. Full recovery (all systems, all data) typically takes 3-7 days. If no backups exist, recovery is more complex and may take weeks. We provide realistic timelines within the first few hours.

How do we prevent ransomware in the future?

The most effective protections: immutable offsite backups (can't be encrypted), email filtering with phishing protection, endpoint detection and response (EDR), multi-factor authentication on all remote access, regular security awareness training, and patching/updates. Our cybersecurity services cover all of these.

Other IT Emergencies

Email Compromised Data Loss Server Down Network Outage

Prevent this from happening again. Endpoint protection, email security, and 24/7 threat monitoring prevent most ransomware attacks before they start.

Learn About Our Cybersecurity Services