Showing posts from May 9, 2021

Incident response handling for ransomware

Welcome readers back to my blog. Today we will have a run-through of performing incident response on ransomware breaches. Ransomware, as we all know, is becoming an increasing menace the world over; many firms keep getting compromised one way or another by this specialized attack. The most critical factor in handling such an incident is how effectively the firm tackles it.

TL;DR:

- Validate the attack
- Gather the incident response team
- Analyze the incident and perform a thorough investigation
- Contain the incident
- Eradicate the malware and its traces
- Perform post-incident analysis and monitoring
- Perform a post mortem analysis and prepare the lessons learned

In this part, let's focus mainly on the validation, analysis, and containment phases.

Let's take a look, as a refresher, at how best to handle such incidents (and others similar in nature).

1. Initial Triaging
   a. Start with the aim of limiting the infection; measures include: switching