This is a guide about urgent actions to take when a ransomware has hit your company.
Preparation is key whenever dealing with a ransomware attack. The primary goal is to make sure organisations are prepared and don’t need to improvise once a disaster strikes, which will cause additional mistakes that may result in losing even more data.
Preparation includes making sure which teams you need (technical, crisis, communications, …) and how these people can be efficiently reached. While preparing (i.e. your playbook is available, you have put it to the test with an exercise), make sure this also includes a process to keep everything up-to-date.
The steps outlined below are the minimum ones that you will need to follow in case of a ransomware attack, hopefully by applying your disaster recovery plans, if not done so we hope the guidelines below will highlight the important action items.
Recover from a ransomware attack is not done in a few hours and will take typically weeks or months. However, taking actions in the hours following a confirmed attack are crucial.
Visual High level steps
Views: 2