Skip to main content
NEW Advanced Threat Defense now includes AI-powered URL analysis Learn more →
Foundational 2 min read

What to do If You’re Hit by Ransomware – Part 2

Brad Slavin
Brad Slavin CEO
Updated April 18, 2026 | Updated for 2026

Quick Answer

As we mentioned in[ Part 1](/blog/what-to-do-if-youre-hit-by-ransomware/), when it comes to dealing with ransomware, you basically have three choices: _pay it, don't pay it or avoid it in the first place by deploying anti-phishing software_.

Share

As we mentioned in Part 1, when it comes to dealing with ransomware, you basically have three choices: pay it, don’t pay it or avoid it in the first place by deploying anti-phishing software.

Naturally, here at Phish Protection we think you should be proactive and use our inexpensive and easy-to-deploy cloud-based phishing protection with Advanced Threat Defense to avoid it in the first place. But, what if it’s too late? What if you’ve already been hit by ransomware?

If you’ve been hit by ransomware AND you’ve decided not to pay it, there’s a resource you should know about. It’s called No More Ransom (NMR) and it “is an initiative by Europol’s European Cybercrime Centre, the National High Tech Crime Unit of the Netherlands’ police and McAfee to help victims of ransomware retrieve their encrypted data without having to pay to the criminals.”

Europol is “the European Union’s law enforcement agency. Their main goal is to achieve a safer Europe for the benefit of all the EU citizens.” Even though Europol is for the benefit of EU citizens, there’s no reason why people outside the EU cannot take advantage of their initiative.

What NMR does is it figures out how to decrypt a strain of ransomware and when it does, it makes the tool for decrypting it available, for free, on the web. To date, they have “broken the code” on over a dozen ransomware variants. According to an article on SC Magazine, “the site has helped more than 200,000 people recover files after a ransomware attack.” That’s impressive, since the site was launched in July 2016.

So, how does NMR work? According to their site, there are just four steps:

  • Upload two encrypted files and the ransomware note to the NMR Crypto Sheriff
  • The Crypto Sheriff matches the information against a list of available decryption tools
  • If there is a positive hit, the link to the tools is provided. The victim only needs to follow the instructions to unlock their files.
  • If no tool is available at the moment, the victim is advised to continue checking in the future, as new tools are added on a regular basis.

It’s not as good as avoiding ransomware in the first place, but it’s better than nothing. If you get stung by ransomware and want to avoid paying the ransom, check out No More Ransom. And then immediately after you get your files back unencrypted, head on over to Phish Protection to make sure it doesn’t happen again. 

No More Ransom is available in 35 languages.

Topics

Phishing Awareness
Brad Slavin
Brad Slavin

CEO

Founder and CEO of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

LinkedIn Profile →

Protect your inbox from phishing attacks

Advanced email security for your organization. 60-day free trial — no credit card required.

Start Free Trial View Pricing
DMARC Report Monitor and enforce DMARC across all your domains
AutoSPF Automatic SPF flattening — fix "too many DNS lookups"

Related Articles

Foundational 5m

0ktapus – Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks

Foundational 14m

12 Real-World Spear Phishing Examples And The Red Flags You Missed

Foundational 2m

8 million Android users fell prey to SpyLoan malware on Google Play Store

Foundational 1m

A Big Part of the Phishing Problem is You