Slightly better formatting; replaced curly double quotes

# removed odd 40-space indent of entire script
# replaced curly open/close double quotes with normal double quotes

#Second Delay
sleep -Seconds 1

#Looks in event log.
$RansomwareEvents = Get-Winevent -FilterHashtable @{logname='Application';ProviderName="SRMSVC"; ID=8215}
$username = ($RansomwareEvents.message).split()[1]
$username = $username -replace ".*\\"

#Blocks SMB shares access for user but not network
Get-SmbShare | Where-Object currentusers -gt 0 | Block-SmbShareAccess -AccountName $username -force

#get name of computer and domain name for email message
$computername = Hostname
$domain = (Get-WmiObject win32_computersystem).domain

#Send Email Report

$SMTPPort= "25"
$SMTPUsername = "test"
$SMTPPassword= "test"
$SMTPServer= "192.168.3.150"
$SMTPFrom = "test@mydomain"
$SMTPto = "test@mydomain"

$client = hostname
$messageSubject = "SERVER $computername on the domain $domain IS INFECTED AND BEING ATTACKED BY RANSOMEWARE"
$messagebody= "The User $username has infected the server. They have been denied access to all file shares. CALL USER NOW TURN OFF COMPUTER OR SERVER NOW! AFTER DAMAGE CONTROL. Once they have been disinfected, run the following powershell command on the server $computername to unblock the user from file shares: get-smbshare | where-object Name -notlike *$ | unblock-smbshareaccess -account $username -force "
$message = New-Object System.Net.Mail.MailMessage $smtpfrom, $smtpto
$message.Subject = $messageSubject
$message.IsBodyHTML = $true
$message.Body = $messagebody
$smtp = New-Object Net.Mail.SmtpClient($SMTPServer, $SMTPPort)
$SMTP.EnableSsl= $false
$smtpCreds = New-Object System.Net.NetworkCredential($SMTPUsername, $SMTPPassword)
$smtp.Send($message)

# Restart FSRM services to allow script to re-trigger.

restart-service "File Server Resource Manager" -force