I wondered what to do if there is a currently ongoing ransomware execution on my computer.
Assuming that I'm "spotting" it while it is encrypting my files, should I power my computer off?
I would say no because it would cancel any memory forensics operation, and maybe some files that are not properly encrypted would be permanently loss. But it would also "save" some of my files if they are not encrypted yet.
What would be the best solution?