--- title: "What to do If You’re Hit by Ransomware, Part 2 | Phish Protection" description: "What to do If You" image: "https://phishprotection.com/og/blog/what-to-do-if-youre-hit-by-ransomware-part-2.png" canonical: "https://phishprotection.com/blog/what-to-do-if-youre-hit-by-ransomware-part-2/" --- Quick Answer As we mentioned in\[ Part 1\](/blog/what-to-do-if-youre-hit-by-ransomware/), when it comes to dealing with ransomware, you basically have three choices: \_pay it, don't pay it or avoid it in the first place by deploying anti-phishing software\_. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhat-to-do-if-youre-hit-by-ransomware-part-2%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=What%20to%20do%20If%20You%E2%80%99re%20Hit%20by%20Ransomware%2C%20Part%202&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhat-to-do-if-youre-hit-by-ransomware-part-2%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhat-to-do-if-youre-hit-by-ransomware-part-2%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhat-to-do-if-youre-hit-by-ransomware-part-2%2F&title=What%20to%20do%20If%20You%E2%80%99re%20Hit%20by%20Ransomware%2C%20Part%202 "Share on Reddit") [ ](mailto:?subject=What%20to%20do%20If%20You%E2%80%99re%20Hit%20by%20Ransomware%2C%20Part%202&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fwhat-to-do-if-youre-hit-by-ransomware-part-2%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2019/08/anti-phishing-service-6749.jpg) As we mentioned in[ Part 1](/blog/what-to-do-if-youre-hit-by-ransomware/), when it comes to dealing with ransomware, you basically have three choices: _pay it, don’t pay it or avoid it in the first place by deploying anti-phishing software_. Naturally, here at[ Phish Protection](/) we think you should be proactive and use our inexpensive and easy-to-deploy **cloud-based phishing protection** with[ Advanced Threat Defense](/products/advanced-threat-defense/) to avoid it in the first place. But, what if it’s too late? What if you’ve already been hit by ransomware? ![Anti phishing service](https://media.mailhop.org/phishprotection/images/2019/08/anti-phishing-service-6749.jpg) If you’ve been hit by ransomware AND you’ve decided not to pay it, there’s a resource you should know about. It’s called[ No More Ransom](https://www.europol.europa.eu/activities-services/public-awareness-and-prevention-guides/no-more-ransom-do-you-need-help-unlocking-your-digital-life) (NMR) and it “is an initiative by Europol’s European Cybercrime Centre, the National High Tech Crime Unit of the Netherlands’ police and McAfee to _help victims of ransomware retrieve their encrypted data without having to pay to the criminals_.” [Europol](https://www.europol.europa.eu/about-europol) is “the European Union’s law enforcement agency. Their main goal is to achieve a safer Europe for the benefit of all the EU citizens.” Even though Europol is for the benefit of EU citizens, there’s no reason why people outside the EU cannot take advantage of their initiative. What NMR does is it figures out how to decrypt a strain of ransomware and when it does, it makes the tool for decrypting it available, for free, on the web. _To date, they have “broken the code” on over a dozen ransomware variants_. According to an[ article](https://www.scmagazine.com/home/security-news/ransomware/no-more-ransom-saves-ransomware-victims-108-million/?utm%5Fsource=newsletter&utm%5Fmedium=email&utm%5Fcampaign=SCUS%5FNewswire%5F20190729&hmSubId=01xQvtS0ero1&email%5Fhash=0da939dab246e8101d6090def505f6f5&mpweb=1325-9434-1896988) on SC Magazine, “the site has helped more than 200,000 people recover files after a **ransomware attack**.” That’s impressive, since the site was launched in July 2016. ![Anti phishing solutions](https://media.mailhop.org/phishprotection/images/2019/08/anti-phishing-solutions-7346.jpg) So, how does NMR work? According to their site, there are just four steps: - Upload two encrypted files and the ransomware note to the NMR[ Crypto Sheriff](https://www.nomoreransom.org/crypto-sheriff.php?lang=en) - The Crypto Sheriff matches the information against a list of available decryption tools - If there is a positive hit, the link to the tools is provided. The victim only needs to follow the instructions to unlock their files. - If no tool is available at the moment, the victim is advised to continue checking in the future, as new tools are added on a regular basis. _It’s not as good as avoiding ransomware in the first place_, but it’s better than nothing. If you get stung by ransomware and want to avoid paying the ransom, check out[ No More Ransom](https://www.nomoreransom.org/en/index.html). And then immediately after you get your files back unencrypted, head on over to[ Phish Protection](/) to make sure it doesn’t happen again. No More Ransom is available in 35 languages. ## Topics [ Phishing Awareness ](/tags/phishing-awareness/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Foundational 5m 0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[ Foundational 14m 12 Real-World Spear Phishing Examples And The Red Flags You Missed Feb 4, 2026 ](/blog/12-real-world-spear-phishing-examples-and-the-red-flags-you-missed/)[ Foundational 2m 8 million Android users fell prey to SpyLoan malware on Google Play Store Dec 5, 2024 ](/blog/8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store/)[ Foundational 1m A Big Part of the Phishing Problem is You Sep 17, 2019 ](/blog/a-big-part-of-the-phishing-problem-is-you/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"What to do If You’re Hit by Ransomware, Part 2","description":"What to do If You're Hit by Ransomware, Part 2: As we mentioned in Part 1, when it comes to dealing with ransomware, you basically have three choices: pay.","url":"https://phishprotection.com/blog/what-to-do-if-youre-hit-by-ransomware-part-2/","datePublished":"2019-08-07T07:43:35.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2019-08-07T07:43:35.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/what-to-do-if-youre-hit-by-ransomware-part-2/"},"articleSection":"foundational","keywords":"Phishing Awareness","wordCount":439,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2019/08/anti-phishing-service-6749.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"What to do If You’re Hit by Ransomware, Part 2","item":"https://phishprotection.com/blog/what-to-do-if-youre-hit-by-ransomware-part-2/"}]} ```