7-Step Response Plan for Ransomware Attack

Step 1: Unplug affected laptops, PCs and other devices from the network – but DO NOT shut them down.

Step 2: Make a call. Don’t send an email alert about the attack (you need to be offline); instead, phone your external cyber security support or the responsible internal resource.

Step 3: Carry out a first-level forensic investigation to ascertain the extent of the threat. Which domain? What ransomware are you facing? What network elements are affected? This is why you need to keep your laptops running after you’ve unplugged them from the network.

Step 4: Protect what is still safe. It is a mistake to focus on restoration at this stage. Instead, you need to stop the ransomware propagating before you begin to restore your laptops. How? Shut down the network elements identified in Step 3.

Step 5: Clean your IT landscape. If you know what the ransomware is, where it entered your network, and who has been targeted, you can start to remove the threat. Don’t forget to correct your master images before doing a full restore of the laptops. If the ransomware was propagated through email or a file, think about people who are out of office: remove the mail or files from servers, sharing services, laptops, etc.

Step 6: Begin restoration, ideally one laptop at a time – if you restore multiple laptops at once, you risk the ransomware trying again. This may be frustrating for your users, but it is an important step in the fight against ransomware.

Step 7: Learn from the attack. Where did the protection fail? What new protection measures should you take? Are there areas on your network that need isolating entirely? Do your data back-up and recovery measures need revamping?
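The scoping in Steps 3 and 4 can be sketched as follows. This is an added example, not part of the original plan: it reads file-rename events gathered from the isolated machines, flags hosts showing a burst of renames that append the same extension, and lists the shared servers those hosts touched. The event format, the threshold and window, the host names and the `.lockd` extension are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed burst window
THRESHOLD = 3                   # assumed; set far higher on real data

# Constructed rename events: (time, host, old path, new path); ".lockd" is made up
EVENTS = [
    ("2024-01-10 09:01:00", "LAPTOP-07", r"C:\Users\a\q1.xlsx", r"C:\Users\a\q1.xlsx.lockd"),
    ("2024-01-10 09:01:20", "LAPTOP-07", r"C:\Users\a\cv.docx", r"C:\Users\a\cv.docx.lockd"),
    ("2024-01-10 09:02:05", "LAPTOP-07", r"\\FS01\finance\pay.csv", r"\\FS01\finance\pay.csv.lockd"),
    ("2024-01-10 09:10:00", "LAPTOP-12", r"C:\tmp\a.txt", r"C:\tmp\a.txt.bak"),
    ("2024-01-10 09:14:00", "PC-03", r"\\FS01\hr\list.doc", r"\\FS01\hr\list.doc.lockd"),
    ("2024-01-10 09:14:30", "PC-03", r"C:\Data\x.pdf", r"C:\Data\x.pdf.lockd"),
    ("2024-01-10 09:15:10", "PC-03", r"\\NAS02\scan\s1.tif", r"\\NAS02\scan\s1.tif.lockd"),
]

def appended_ext(old, new):
    """Return the suffix added by a rename like a.docx -> a.docx.xyz, else None."""
    if new.startswith(old + ".") and len(new) > len(old) + 1:
        return new[len(old):]
    return None

def scope(events, window=WINDOW, threshold=THRESHOLD):
    """Return (affected hosts ordered by first rename, shared servers they touched)."""
    per_key = defaultdict(list)          # (host, ext) -> [(time, old path)]
    for ts, host, old, new in events:
        ext = appended_ext(old, new)
        if ext:
            per_key[(host, ext)].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), old))
    hosts, servers = {}, set()
    for (host, ext), items in per_key.items():
        items.sort()
        # Flag the host if any `threshold` consecutive renames fall inside `window`
        for i in range(len(items) - threshold + 1):
            if items[i + threshold - 1][0] - items[i][0] <= window:
                first = items[0][0]
                hosts[host] = min(first, hosts.get(host, first))
                servers |= {p.split("\\")[2] for _, p in items if p.startswith("\\\\")}
                break
    return sorted(hosts, key=hosts.get), sorted(servers)

if __name__ == "__main__":
    affected, shares = scope(EVENTS)
    print("Isolated hosts to examine, earliest first:", affected)
    print("Shared servers to take offline before restoring:", shares)
```

The host order shows where to look first for the entry point in Step 5; it is a lead for the investigation, not proof of where the ransomware came in.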

Finally, think about SOC as a Service to get alerted to such ransomware attacks before they damage your assets!
