Ransomware_Handout(1).pdf
PIN_20201125-001.pdf
PIN 20210114-001.pdf
FLASH-MU-000139-MW.pdf
FLASH_AC-000129-TT.pdf
Here are some key points:
Prevention guidance for private industry:
- Establish Security Policies…then prioritize
- Support Established Security Policies
- Monitor and Analyze Network Traffic
- Assess Vulnerabilities
- Configure Systems for Security
- Support/Provide Training for Employees
- Maintain good patch management and software upgrades
- Create a mobile device action plan
- Make regular backup copies of critical data
- Control physical access to computers and servers
- Secure your wireless networks
- User access management
- Password management and multi-factor authentication
Incident guidance for private industry:
- Follow your emergency plan and start protecting your data.
- Call the local FBI field office.
- Preserve original media as evidence (if that is not possible, ask for a forensic image).
- Ask your IT specialists to conduct their analysis from a copy instead of the original (if possible).
- Gather all pertinent log files (DNS, Firewall, Proxy, System Event Logs).
- Contact your ISP for additional logs and, possibly, to have it provide filtering.
- Conduct a damage assessment (including damage valuation).
DHS site for ransomware guidance: https://www.cisa.gov/ransomware