Changed folder naming.

This commit is contained in:
Alexander Kogutkiewicz
2025-09-21 22:26:43 -05:00
parent 837d0bb6ac
commit ac8a9e293b
114 changed files with 139 additions and 62 deletions

@@ -0,0 +1,7 @@
views:
- type: table
name: Table
filters:
and:
- file.inFolder("2. Reference/Policies/Incident Response")
- file.tags.contains("policy")
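Review bot: The `file.inFolder("2. Reference/Policies/Incident Response")` filter hard-codes the full folder path, so the next folder rename (the kind of change this commit's message describes) leaves the table empty with no error. Consider filtering on the tag alone, or on a more specific tag such as `policy/incident-response` if the view should stay scoped to incident-response documents, so the view survives moves. If the path has to stay, keep it in sync with the folder name whenever the numbering prefix changes.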

@@ -0,0 +1,17 @@
---
tags:
- policy
---
1. Tell users to notify IT immediately if S1 notifies of detected malware.
2. Disconnect the infected PC from the network immediately and run a full scan. If you dont know whose is infected, proceed to #3.
3. Look in the root of all network shares for the most recently modified files. There should be a file called PLEASE_READ.txt or something similar. The owner of that/those files is the infected PC.
4. In vSpere web client, edit settings of API-DC11. Find Network adapter 1 uncheck Connected and click OK. This is the equivalent of pulling the plug to that servers network connection. This can be done for other vms as well.
5. If it seems appropriate shut down api-nas01 and api-nas02.
6. Go to the S1 console and run a full computer scan on all computers to verify nobody else is infected.
7. Assess the damage and restore encrypted files.
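Review bot: Steps 5 and 7 leave the two highest-impact decisions undefined: step 5 says to shut down api-nas01 and api-nas02 "if it seems appropriate" without a criterion or a named decision-maker, and step 7 says to "restore encrypted files" without naming the backup source or requiring that the scan in step 6 come back clean first. Restoring before the infected PC is confirmed contained risks re-encrypting the restored data. Suggest stating the trigger for step 5 (for example, newly modified files still appearing on the shares after step 2), making step 7 conditional on step 6, and adding a step to record which host and account owned the files found in step 3 before anything is restored. Step 3 also relies on a single example file name, "PLEASE_READ.txt or something similar"; it would be more robust to tell the reader to look for any unfamiliar, recently created text or HTML file repeated across share roots. Minor: "vSpere" should be "vSphere", "dont" should be "don't", "whose is infected" should be "which PC is infected", and "S1" should be spelled out on first use.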