Stuff to do after a cryptolocker infection

  1. Disconnect all computers and servers from the Internet ( to stop hack and stop encrypting ) 
  2. Find the Source of the Hack ( Sometimes this can be as easy as finding the server and PC that started Encryption )
  3. Restore Servers from a backup to a point in time before the hack and rebuild and compromised workstations
  4. Check customer passwords on or haveibeenpwned 


  1. MFA , MFA , MFA
  2. Windows and Software and Hardware Updates everywhere ( Reduce attack vector ) 
  3. Install a good antivirus like SentinelOne to stop future hacks
  4. Make sure your Router has things like IPS and Web Filtering
  5. Make sure you have a good spam filter in front 
  6. Run report on AD Security 
  8. Randomize Local Administrator passwords with a tool like Local Administrator Password Solution (LAPS) to prevent lateral movement using local accounts with shared passwords
  9. User Phish Testing
GD Star Rating
GD Star Rating

Trackback from your site.