Recovery & Incident Response

How do you report a ransomware attack?

Report internally to your security and legal teams first, then to the appropriate authorities — in the United States, CISA and the FBI (including IC3) — and notify your cyber insurer, since policies often require prompt reporting. Regulated organizations may also face mandatory disclosure obligations.

Accurate reporting depends on evidence: what was compromised, when, and from which recovery point you can safely restore. Elastio produces timestamped attestations and a full audit trail mapped to frameworks such as NYDFS, DORA, and SEC disclosure, giving regulators and insurers verifiable records of recovery point integrity.

Last updated May 27, 2026

Related terms

Attestation NYDFS DORA

Related Elastio resources

SolutionCompliance Audit Readiness PlatformElastio Compliance

See how Elastio proves clean recovery

Elastio hunts for ransomware inside your live, replicated, and backup data and pinpoints the last recovery point proven clean.

Explore the platform Request a demo

Related questions

What is incident response?How does Elastio prevent reinfection during recovery?Does Elastio produce evidence for audits, insurers, and the board?What should you do if attacked with ransomware?What to do if your computer is infected with ransomware?What to do after a ransomware attack?

PreviousHow long does it take to recover from ransomware?NextWhat is incident response?