How should infected systems be handled?

Brief information

No general recommendation for action can be given here, because the appropriate response depends on the type of infection, which must already be known.

In the case of a system that is currently being encrypted, it should be shut down or disconnected from the power supply as quickly as possible to avoid data loss. In the case of a system that is sending spam, unplugging the Ethernet cable is sufficient.
In all cases, however, do not panic and never delete data, as this will destroy any evidence.

last changed on 10/22/2024

Creative Commons License Agreement
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License