US officials: Do these 7 things after a ransomware attack

Hannah Mitchell - Print  | 

As ransomware attacks persist, the federal government is developing recommendations for companies on how to respond to an attack. The Cybersecurity and Infrastructure Security Agency recommended hospitals to follow these seven steps:

  1. Determine which systems have been affected and isolate them immediately.

  2. If unable to disconnect devices from the network, turn them off to avoid further spread.

  3. Triage affected devices for restoration.

  4. Document what has occurred, based on initial analysis.

  5. Get help from a third-party incident response provider.

  6. If mitigation prospects look slim, take a system image and memory capture of a sample of affected devices. Be mindful of preserving evidence. Collect relevant logs and samples of malware binaries.

  7. Consult federal law enforcement regarding decryptors available as researchers have broken encryption algorithms for some ransomware variants. 

Copyright © 2021 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.