For many companies it would be a nightmare to discover that they are the latest unwitting victim of a ransomware attack, capable of crippling computer systems and locking up data if a payment isn’t made to cybercriminals.

There’s no magic wand that can make a ransomware attack simply disappear with no impact at all on an organisation, but you can lessen the problem by carefully following tried-and-trusted steps in the immediate aftermath of an attack.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have jointly released an in-depth guide that not only includes recommendations on how you can reduce the chances of being the next ransomware victim, but also provides a step-by-step checklist for how to respond.

I believe that the ransomware response checklist could be a valuable addendum to organisations’ incident response plans. Your company does have a cyber incident response plan, right?

And the advice couldn’t be more timely, with more and more organisations hit by ransomware attacks that cripple their ability to operate normally.

So, let’s take a look at the checklist step by step, focusing specifically on the very first things you should do:

1. Determine which systems were impacted, and immediately isolate them.

If several systems or subnets appear impacted, take the network offline at the switch level. It may not be feasible to disconnect individual systems during an incident.

If taking the network temporarily offline is not immediately possible, locate the network (e.g., Ethernet) cable and unplug affected devices from the network or remove them from Wi-Fi to contain the infection.

If it’s one or two computers that have been infected by the ransomware, then you may be able to get away with just disconnecting those PCs and dealing with them individually. But if the