How To Report Ransomware To Authorities

Reporting a ransomware incident to authorities is a critical step to finding threat actors involved in perpetrating ransomware attacks. Our data shows that many of these attacks go unreported. To report your ransomware attack, please select your residing country below.

Each country may require different pieces of information. We suggest having the following information if available:

  1. Company Point of Contact
  2. Approximate date/time of the attack
  3. The name of the variant if known
  4. Relevant IP addresses that connected to your network that you do not recognize
  5. A copy or photo of the demand note or splash screen
  6. The file extension of encrypted files
  7. Ransom note
  8. Any email addresses or URL or other method provided by the attacker for communications
  9. Digital wallet address requested by threat actor
  10. Amount demanded if known
  11. Electronic copies if possible for communications if they have already taken place.

If you are a client and require assistance in obtaining any of this information or require ransomware recovery, we can help. (877) 364-5161