Post Attack Actions


I have been surprised across the last few years how often I've heard of someone at a company suffering a ransomware attack. Not a highly publicized attack in the media, but a quiet conversation from a friend. There are well-publicized ones, but many never make the news.

Apparently there were nearly 200 mm attacks in Q3, according to a survey. That's incredible. That feels high, but maybe these are multiple attacks against an organization, or they are counting each machine affected. It's hard to tell, but that's quite a few.

In any case, if you're attacked, what do you do? I saw an article on steps to take, most of which I would expect any sysadmin to think of. However, I also know you might be stressed or come into a situation where many people are distracting you, so it certainly pays to have a checklist of how to tackle things.

There are some very creative methods of hiding malware inside of operating systems and backups, but I don't know that I've seen anyone attack something like a SQL Server backup. I would certainly make sure that I had these file backups saved in a way that I can recover them without recovering the host OS. I might also think about putting any disk storage backups on a different OS, reducing the chance that you would lose both to an attack.

A ransomware attack is a disaster, and those are always stressful. However, the more you prepare and practice, and think through the possibilities, the greater the likelihood you can recover. Preparation is key here, so if you manage systems, spend some time thinking about being prepared today.
