Mukesh Verma
What to do in case of a Ransomware Attack

1. Disconnect the infected computer. Isolate the other suspected computers from the network.
2. Check other computers and servers on the network for signs of encryption or altered files. In case of doubt, disconnect them from the network. Then scan with an anti-ransomware package without connecting to the network.
3. Avoid paying the ransom.
4. Report the attack to law enforcement if required.
5. Rebuild your operating system, apply all the latest security patches, and update the definitions of your AV. Don't reuse the generic accounts/passwords that were used earlier org-wide. The attacker might already have these credentials and can come back onto the new machines if the same credentials are enabled on them.
6. Check all directly attached network storage for infection and disconnect it from the network.
7. Check for data exfiltration.
8. Warn users not to open or click any suspicious email, as this can infect their machines.
9. Conduct a detailed study of how the attack happened: what the initial infection point was, and what vulnerability was leveraged to further attack the systems and propagate in the environment.
10. Enable MFA for users, if not already enabled.
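
The check in step 2 for signs of encryption can be partly automated on an isolated machine or a mounted share. The following sketch is an added example, not part of the original post: it flags recently modified files whose content is near-random and does not begin with the header its extension implies. The entropy threshold, sample size, and format table are assumptions to tune per environment.

```python
import math, os, sys, time
from collections import Counter

# Assumptions (tune per environment): threshold, sample size, known-format table.
ENTROPY_THRESHOLD = 7.5      # bits per byte; encrypted data sits close to 8.0
SAMPLE_BYTES = 65536
MIN_SAMPLE = 1024            # tiny files give unreliable entropy estimates
MAGIC = {".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
         ".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff", ".gz": b"\x1f\x8b"}

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root: str, since_epoch: float):
    """Return (path, entropy, mtime) for files modified since since_epoch that look encrypted."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
                if mtime < since_epoch:
                    continue                      # untouched during the incident window
                with open(path, "rb") as fh:      # opened read-only
                    sample = fh.read(SAMPLE_BYTES)
            except OSError:
                continue                          # unreadable file: keep sweeping
            magic = MAGIC.get(os.path.splitext(name)[1].lower())
            if magic and sample.startswith(magic):
                continue                          # intact compressed format, high entropy expected
            entropy = shannon_entropy(sample)
            if len(sample) >= MIN_SAMPLE and entropy >= ENTROPY_THRESHOLD:
                hits.append((path, round(entropy, 2), mtime))
    return sorted(hits, key=lambda h: h[2])       # oldest first approximates spread order

if __name__ == "__main__":
    root, hours = sys.argv[1], float(sys.argv[2])   # e.g. /mnt/share 48
    for path, entropy, mtime in triage(root, time.time() - hours * 3600):
        print(f"{time.ctime(mtime)}  H={entropy}  {path}")
```

A hit is a lead for manual review, not proof of encryption: compressed or media formats missing from the table will also score high.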

For more information, you can also reach me at mukesh@eshieldconsulting.com
http://eshieldconsulting.com