If you experience a ransomware attack, the Cybersecurity & Infrastructure Security Agency (CISA) recommends these step-by-step best practices – a process that takes you from detection to containment and eradication.
- Determine which systems were impacted, and immediately isolate them.
- Only in the event you are unable to disconnect devices from the network, power them down to avoid further spread of the ransomware infection.
- Triage impacted systems for restoration and recovery.
- Consult with your incident response team to develop and document an initial understanding of what has occurred based on initial analysis.
- Engage your internal and external teams and stakeholders with an understanding of what they can provide to help you mitigate, respond to, and recover from the incident.
- Take a system image and memory capture of a sample of affected devices (e.g., workstations and servers).
- Consult federal law enforcement regarding possible decryptors available, as security researchers have already broken the encryption algorithms for some ransomware variants.
Don’t forget about protecting your voice platforms and services. CTS can help ensure your systems are continuously updated and secure.
Contact us today: 800.787.4848 or jnolte@ctsmd.us.