Stuff to do after a cryptolocker infection

  1. Disconnect all computers and servers from the Internet (to cut off the attacker's access and stop the encryption from spreading)
  2. Find the source of the hack (sometimes this is as easy as finding the server and the PC that started the encryption)
  3. Restore servers from a backup taken before the hack and rebuild any compromised workstations
  4. Check whether customer passwords have been exposed, using https://hashcast.axur.com/pricing or haveibeenpwned
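For step 2, one quick way to spot the PC that started the encryption is to look at who owns the encrypted files on a share: the owner is normally the user account the ransomware ran under, and the earliest write time tells you when it began. The script below is an added example, not part of the original post or of any tool it mentions. It assumes the encrypted files carry an extension the ransomware appended (the `.locked` value and the `\\FILESERVER\Data` share path are placeholders to replace with what you actually see) and that the malware did not change file ownership.

```powershell
# Added example: group encrypted files on a share by owner and report when each
# owner's first encrypted file appeared. The earliest owner is the account to trace
# back to a workstation. Share path and extension are placeholders (assumptions).
param(
    [string]$SharePath = '\\FILESERVER\Data',   # placeholder: the affected share
    [string]$EncryptedExtension = '.locked'     # placeholder: extension seen on encrypted files
)

# Collect every encrypted file with its owner and last write time.
$hits = Get-ChildItem -Path $SharePath -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -ieq $EncryptedExtension } |
    ForEach-Object {
        try   { $owner = (Get-Acl -LiteralPath $_.FullName).Owner }
        catch { $owner = 'UNKNOWN' }   # ACL read failed (access denied, path too long, ...)
        [pscustomobject]@{
            Owner    = $owner
            Path     = $_.FullName
            Modified = $_.LastWriteTime
        }
    }

# Summarise per owner: file count, first encrypted file and when it was written.
$summary = $hits | Group-Object Owner | ForEach-Object {
    $first = $_.Group | Sort-Object Modified | Select-Object -First 1
    [pscustomobject]@{
        Owner          = $_.Name
        EncryptedFiles = $_.Count
        FirstSeen      = $first.Modified
        FirstFile      = $first.Path
    }
} | Sort-Object FirstSeen

$summary | Format-Table -AutoSize
```

Run it on the file server (or from an admin workstation with access to the share) while the network is still isolated. The account at the top of the table is the one to map to a machine: on the file server, `Get-SmbSession` shows which client addresses that account has open sessions from, and the Security log's logon events (ID 4624) record the same information for the period around `FirstSeen`. That machine is the one to pull off the network and image before rebuilding.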

Tools

  1. MFA, MFA, MFA
  2. Windows, software and hardware updates everywhere (reduces the attack surface)
  3. Install a good antivirus like SentinelOne to stop future hacks
  4. Make sure your router has IPS and web filtering
  5. Make sure you have a good spam filter in front of your mail
  6. Run a pingcastle.com report on AD security
  7. IoC scanners to run after a cryptolocker incident: https://pariswells.com/blog/research/ioc-scanners-after-crypto
  8. Randomize local administrator passwords with a tool like Local Administrator Password Solution (LAPS) to prevent lateral movement using local accounts that share the same password
  9. User phishing testing