Cryptolocker and Ransomware Advisory Header Image

Cryptolocker and Ransomware Advisory



It is your responsibility to report a data security breach to the Information Commissioners Office (ICO), based on the guidance provided by the Information Commissioner. Impact Computing does not provide guidance on whether a breach should be reported.


Fraud, Cyber Crime and Phishing Attempts


Where you have been the victim or fraud, cyber-crime or a phishing attempt, you can report it to the police using the following site: Action Fraud UK Police Report. We advise with any security incident that you also inform your bank.


Cryptolocker / Ransomware


In the event that you are the victim of a Cryptolocker/Ransomware infection, please keep the following in mind:


What you need to do:

  • Keep in mind that an unauthorised 3rd party has possibly had access to all your confidential data, including e-mails and attachments, contacts, files and financial information, though this is not an exhaustive list. Consider the risks and what the unauthorised party could do with this information.
  • Prepare your business for some disruption as depending on the scale of the infection a restore from backup is likely to be required and this can take some time. Until we have highlighted the root cause and fixed it, we will have to prevent all access to your server(s).
  • Any of the workstations infected need to be immediately powered off and re-built so expect be without these machines for a few days.
  • For any workstation that has been infected, reset all passwords for any service that the user logs in to including any business applications, for example Sage/IRIS/Act/Quickbooks etc. Please ensure you follow our best practice guidelines for setting passwords.


What we will do:

  • We will reset the password of any accounts that we look after for you.
  • We advise that all infected machines are turned off and unplugged, then bought back to us for rebuilding.
  • We will cut off all access to your server in an attempt to minimise the spread of and damage caused by the ransomware/cryptolocker infection.
  • We will advise that you completely power off infected machine(s) and physically disconnect them from the network.


What you should be aware of:

  • Items most at risk are documents/files that users store locally on their machines/desktops. Remind your staff to store files on network drives where they will be included in the backup.
  • Under the terms of your contract, work relating to the removal and repair of virus or spyware related activity is chargeable.
  • We can offer advanced security on machines to further lock them down and prevent threats, for example our Advanced Windows Security Management product which will automatically disconnect a machine from the network when a ransomware infection is detected - please contact us for details.