ITManager-Vault/02 Areas/Policies/Incident Response/Response to Ransomware Attack.md
Alexander Kogutkiewicz ac8a9e293b Changed folder naming.
2025-09-21 22:26:43 -05:00

---
tags:
- policy
---
1. Tell users to notify IT immediately if S1 notifies them of detected malware.
2. Disconnect the infected PC from the network immediately and run a full scan. If you don't know which PC is infected, proceed to step 3.
3. Look in the root of all network shares for the most recently modified files. There should be a file called PLEASE_READ.txt or something similar. The owner of that file (or those files) is the infected PC.
4. In the vSphere web client, edit the settings of API-DC11. Find Network adapter 1, uncheck Connected, and click OK. This is the equivalent of pulling the plug on that server's network connection. This can be done for other VMs as well.
5. If it seems appropriate, shut down api-nas01 and api-nas02.
6. Go to the S1 console and run a full computer scan on all computers to verify nobody else is infected.
7. Assess the damage and restore encrypted files.
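
One way to carry out step 3 from an admin workstation, as an added PowerShell example that is not part of the original policy: it lists the most recently modified files in the root of each share and shows who owns them. The share paths and the note-name patterns other than PLEASE_READ are placeholders and assumptions.

```powershell
# Added example. Share paths are placeholders; replace them with your own share roots.
$ShareRoots  = @('\\FILESERVER-PLACEHOLDER\Share1', '\\FILESERVER-PLACEHOLDER\Share2')
# PLEASE_READ comes from step 3; the other patterns are assumed "something similar" names.
$NotePattern = 'PLEASE_READ|READ_?ME|DECRYPT|RECOVER'
$Newest      = 15   # number of most recently modified files to show per share root

$results = foreach ($root in $ShareRoots) {
    if (-not (Test-Path -LiteralPath $root)) {
        Write-Warning "Cannot reach $root (offline or already isolated)"
        continue
    }
    # Root of the share only (no -Recurse), as step 3 describes.
    Get-ChildItem -LiteralPath $root -File -Force -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First $Newest |
        ForEach-Object {
            # The NTFS owner is the account that created the file.
            $owner = try {
                (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner
            } catch {
                '<unreadable>'
            }
            [pscustomobject]@{
                Share         = $root
                Name          = $_.Name
                LastWriteTime = $_.LastWriteTime
                Owner         = $owner
                LooksLikeNote = $_.Name -match $NotePattern
            }
        }
}

# Newest files across all share roots, with their owners.
$results | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize

# Owners of note-like files, ranked by how many they wrote and where.
$results | Where-Object LooksLikeNote |
    Group-Object Owner |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'Shares'; e = { ($_.Group.Share | Sort-Object -Unique) -join ', ' } } |
    Format-Table -AutoSize
```

The script only reads directory listings and ACLs, so it can be run while the shares are still online and before the isolation in steps 4 and 5.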