Security task force members take on ransomware
The members of Beltug’s security task force have contributed to the paper ‘How to respond to a ransomware attack in 12 steps‘, a publication of Cert.be, the federal Computer Emergency Response Team, which is the operational service of the Centre for Cyber Security Belgium (CCB).
04 / 07 / 22
The paper is a practical and short guide about urgent actions to take when your organisation is victim of a ransomware attack. The response starts with assessing the extent of the attack. Once you know what data were on the encrypted machines and have been exfiltrated, you can build your response.
Some other interesting points include:
- Don’t turn off the infected devices or shut down the systems, but isolate them as much as possible. Having a running system might help when conducting detailed (forensic) analysis.
- Assume that your business communication tools have been compromised, so communicate about your response through a separate and secure channel.
- Set-up a crisis management team.
The security task force members unanimously expressed their wish that this paper highlight the need to take action now, before an attack happens. So, define your crisis team and cyber incident response plan beforehand, including the steps. Maybe even contract with a cyber incident response firm.
Also set up your communication plan: it is nearly impossible to do this once the cyber security incident has occurred.