Plan, Plan, Plan. The first and potentially most critical step to effectively navigating a ransomware attack is ensuring that you are prepared for the incident.
Having an incident response plan is foundational as it provides instructions to help your cyber team detect, respond to and recover from a security incident. It covers specific response actions based on the type of security incident – from ransomware to a breach to an account compromise – and provides a playbook for how to respond and who to notify.
Build an Incident Response Team or Identify an IR Partner. As the CIO, you’re the leader, but it takes a team. A security incident or ransomware attack is not the time to discover your staff isn’t prepared. As part of response planning, build your emergency response team or CIRT (Cyber Incident Response Team) and define clear rules and responsibilities.
If you do not have the internal security staff to manage a ransomware attack, consider finding an incident response (IR) partner now to keep on retainer for emergency response. The retainer approach is less expensive than ad-hoc emergency response services. If you maintain cyber insurance, your insurance provider may have a list of approved IR vendors, so ensure you select a partner that will be covered.
Prepare for Sound Forensics. Finally, if you operate in a heavily regulated industry, maintaining a sound cyber incident forensics chain is key to determining notification requirements. The forensics chain will allow you to follow the intruder and know what systems, records and data were impacted. As part of response planning, ensure you have the technology and processes to capture and maintain the digital fingerprints.
Conduct Tabletop Exercises. To test the plan and support a seamless response, conduct exercises at least annually on ransomware. This ensures that the first time you have an incident is not the first time you’re following the plan.
Maintain a Modern Backup Strategy. Backups and ransomware recovery go hand-in-hand but not all backup strategies are created equal. There is a big difference between having backups and having a backup strategy supported by modern technology that enables rapid recovery as well as prevents ransomware from encrypting the backups.
The steps outlined above (plan, response team, practice and backups) will enable your team to swiftly initiate the ransomware response including the following phases.
Isolate: Isolate and contain is the name of the game. Organizations must quickly stop the spread, as ransomware is built to jump from machine to machine and spread laterally quickly.
Containment: Preserving forensic evidence while containing the ransomware is essential. While instinct may say “pull the power cord,” ensure your employees know not to do this. New malware is not written to disk; rather, everything is in memory. If power is turned off, the machine’s memory is erased and forensic data is lost.
Instead, pull the network cable or use your endpoint solution to isolate the machine(s) to prevent communication on the network. Remind your team that to “pull the network cable” in a virtual environment, you can disable the network interface on the hypervisor.
Once the attacker loses access, they can no longer execute anti-forensic actions to cover their tracks or destroy evidence. Skilled attackers will patch the vulnerabilities they used to gain access, delete their tools and erase logs to compromise a forensic investigation.
Eradicate and Recover: With isolation and containment executed, the next phases are eradication and recovery. The forensic investigation and business restoration are typically conducted simultaneously. The forensics team will focus on collecting data and logs as well as building a virtual copy of the impacted machines to follow the chain.
For business restoration, this is where backups are critical, as they allow organizations to easily recover valuable data and avoid paying the ransom.
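As an added illustration of the "pull the network cable" step in a virtual environment (not part of the original checklist), the Python sketch below assumes a KVM/libvirt hypervisor managed with `virsh`; the domain name `fileserver01` and the sample interface listing are constructed. It plans a link-down for every virtual NIC and never powers the guest off, so memory stays intact for forensics.

```python
import subprocess

# Constructed sample of `virsh domiflist <domain>` output (not from a real host).
SAMPLE_DOMIFLIST = """\
 Interface   Type      Source     Model    MAC
-------------------------------------------------------------
 vnet3       network   default    virtio   52:54:00:12:34:56
 vnet4       bridge    br-prod    virtio   52:54:00:ab:cd:ef
"""

def parse_domiflist(text):
    """Return one dict per virtual NIC listed by `virsh domiflist`."""
    nics = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header, the dashed separator and blank lines.
        if len(fields) != 5 or fields[0] == "Interface":
            continue
        nics.append(dict(zip(("target", "type", "source", "model", "mac"), fields)))
    return nics

def isolation_plan(domain, domiflist_text):
    """Build commands that unplug every virtual cable of `domain`.

    The guest keeps running, so its memory stays available for forensics.
    NICs are addressed by MAC because the target name can be "-".
    """
    nics = parse_domiflist(domiflist_text)
    if not nics:
        # Fail loudly: an empty plan would look like a successful isolation.
        raise ValueError(f"no interfaces parsed for {domain}; isolate manually")
    return [["virsh", "domif-setlink", domain, nic["mac"], "down"] for nic in nics]

def run_plan(plan, dry_run=True):
    """Print the plan; execute it only when dry_run is False."""
    for cmd in plan:
        print(("DRY-RUN " if dry_run else "RUN ") + " ".join(cmd))
        if not dry_run:
            subprocess.run(cmd, check=True)
    return len(plan)

if __name__ == "__main__":
    run_plan(isolation_plan("fileserver01", SAMPLE_DOMIFLIST))
```

On a real host the listing would come from `virsh domiflist <domain>`, and `run_plan(..., dry_run=False)` would be called only after the response lead approves the isolation.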
The Cybersecurity and Infrastructure Security Agency (CISA) published a detailed Ransomware Checklist, which goes into great depth on each step an organization should take. Following are the categories it covers to help frame your planning. Download the full Checklist for more detail.
Tabletop exercises are designed to help organizations walk through potential cyber risk scenarios, evaluate cybersecurity posture, and identify potential gaps.
Download the full CIO’s Ransomware Checklist PDF to access our Tabletop Exercise, which is a constructive and convenient tool that can be completed within 30 minutes.