With the increasing sophistication and scale of ransomware attacks, hiding your head in the sand and hoping not to be among the victims is, without doubt, a doomed strategy.
Elements of a recovery plan:
Preparation
This phase is to prepare your business for the ransomware attacks it may experience. It includes, but is not limited to, the application of the best practices mentioned above. It's about establishing and implementing your ransomware prevention checklist.
Detection
The way a company detects a ransomware infection can vary depending on the situation, but in most cases an employee is unable to access files or notices that certain services are no longer accessible.
The urgency then is to identify all infected systems and those in imminent danger of being infected.
Analysis
The analysis phase essentially focuses on two aspects:
-Identify the specific variant of the ransomware in action
-Determine how the ransomware entered the business (root cause analysis)
Containment
The containment phase is an essential element of the response plan. Once a system has been identified as potentially containing ransomware, the computer suspected of being infected should be immediately removed from your networks, and either shut down or ideally put into hibernation to aid in analysis, while minimizing the risk of the ransomware continuing the encryption process.
Eradication
The eradication phase involves removing the ransomware from infected systems across the enterprise. Depending on the extent of the attack, this operation can take a long time and can affect both user devices and servers that have been affected.
Recovery
Once a business has contained the ransomware and identified the root cause of the infection, there are several considerations that a business should consider when entering the recovery phase.
Post mortem review
A post mortem review is an important part of the response plan and should not be overlooked. After any incident, large or small, it is recommended that you meet with relevant stakeholders and discuss what worked well and review what did not.
This type of analysis can help your business improve processes over time and ensure that future incidents are handled more effectively, and therefore minimize the potential impact.
To learn more : blog.present.ca/how-to-recover-from-a-ransomware-a…
PresentCanada