Ransomware Recovery - Remediation Guide

PCS LLC | 10/13/2021

Upon Discovery of a Ransomware Incident:

Contact outside legal counsel and advise of the incident. From this point forward, the attorney
should coordinate all communication to protect client confidentiality.

Isolate any suspected compromised system(s) and bring offline.

Block all incoming and outgoing connections, with exceptions for trusted IT staff, in all firewalls
at all sites. Disable all Site-to-Site VPN Tunnels. If working with an EDR product, ensure
that communication is permitted on the applicable ports and public DNS forwarders are still

Stop, Pause, and/or Disable all Backup Tasks, and any file replication. Isolate backup storage
devices from the network.

Review all Active Directory Accounts and ensure all are legitimate. Confirm all Domain Admins
are appropriate. Identify any unneeded or potentially compromised accounts and disable.

Reset passwords for all administrative accounts and privileged service accounts.
Review all
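
The Active Directory account review and password reset steps above can be triaged with a script. This is an added example, not part of the PCS guide; the function name, the 30-day and 90-day thresholds, and the sample accounts are assumptions.

```powershell
# Added example, not from the guide: flags accounts for the review steps above.
function Get-AccountReviewFlag {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,
        [Parameter(Mandatory)] [datetime] $IncidentStart,  # discovery time
        [string[]] $DomainAdmins = @(),   # SamAccountNames of Domain Admins members
        [int] $NewAccountDays = 30,       # assumed window for "recently created"
        [int] $StaleDays = 90             # assumed window for "unneeded"
    )
    process {
        if (-not $Account.Enabled) { return }   # already disabled, nothing to do
        $privileged = ($DomainAdmins -contains $Account.SamAccountName) -or
                      ($Account.adminCount -eq 1)
        $reasons = @()
        if ($Account.whenCreated -gt $IncidentStart.AddDays(-$NewAccountDays)) {
            $reasons += 'created shortly before incident: confirm legitimate'
        }
        if (-not $Account.LastLogonDate -or
            $Account.LastLogonDate -lt $IncidentStart.AddDays(-$StaleDays)) {
            $reasons += 'no recent logon: possibly unneeded'
        }
        if ($privileged -and $Account.PasswordLastSet -lt $IncidentStart) {
            $reasons += 'privileged: password not reset since incident'
        }
        if ($privileged -and $Account.ServicePrincipalName) {
            $reasons += 'privileged service account (has SPN)'
        }
        if ($reasons) {
            [pscustomobject]@{ SamAccountName = $Account.SamAccountName
                               Privileged     = $privileged
                               Reasons        = $reasons -join '; ' }
        }
    }
}

# Constructed sample accounts so the function runs without a domain.
$incident = [datetime]'2021-10-13'
$sample = @(
    [pscustomobject]@{ SamAccountName='jsmith'; Enabled=$true; adminCount=$null; ServicePrincipalName=@()
        whenCreated=[datetime]'2019-03-01'; LastLogonDate=[datetime]'2021-10-10'; PasswordLastSet=[datetime]'2021-09-01' }
    [pscustomobject]@{ SamAccountName='svc_backup'; Enabled=$true; adminCount=1; ServicePrincipalName=@('host/backup01')
        whenCreated=[datetime]'2018-06-01'; LastLogonDate=[datetime]'2021-10-12'; PasswordLastSet=[datetime]'2018-06-01' }
    [pscustomobject]@{ SamAccountName='helpdesk2'; Enabled=$true; adminCount=$null; ServicePrincipalName=@()
        whenCreated=[datetime]'2021-10-05'; LastLogonDate=$null; PasswordLastSet=[datetime]'2021-10-05' }
)
$sample | Get-AccountReviewFlag -IncidentStart $incident -DomainAdmins 'helpdesk2'

# Live use (ActiveDirectory module), feeding real accounts into the same function:
#   $da = (Get-ADGroupMember -Identity 'Domain Admins' -Recursive).SamAccountName
#   Get-ADUser -Filter * -Properties whenCreated,LastLogonDate,PasswordLastSet,adminCount,ServicePrincipalName |
#       Get-AccountReviewFlag -IncidentStart $incident -DomainAdmins $da
```

Re-running it after the resets leaves only privileged accounts whose passwords still predate the incident under that flag.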
