Incident Response - Eradication
We are always available and extremely responsive.
Eradication
The Eradication phase involves removing the ransomware from infected systems across the organization. Depending on the scope of the attack, this operation can be lengthy and may involve both user devices and more pivotal machines and services that have been impacted. X-Force recommends that any system that has been identified as infected with ransomware should be rebuilt from a trusted source, relying on trusted templates and safely-kept settings. Additionally, root cause analyses (RCA) may reveal that the ransomware infiltrated the organization through email or other mechanisms to which other users have access, and those should be examined.
- If the RCA revealed the malware initially arrived through an email message, the organization should search and purge all existing messages still pending within the mail store. Also consider isolating any systems that received the email (or opened it) until is it verified that the ransomware was not executed on those systems.
- If the RCA revealed that the ransomware arrived via a web browser exploit, those sites should be blocked and monitored. The organization should then assess the need to update or remove any vulnerable browser components.
- Passwords for all affected users should be changed as a precaution. This step should be taken carefully and strategically to avoid alerting the attackers. It’s likely an attacker has a number of credential sets and may attempt to use them and pivot the attack if their initial access is suddenly revoked.
News and Resources
San Diego Welcomes Global CITS
A customer-focused IT Services company now has an office in San Diego - The Type of Managed IT that Businesses Want Press Release - San Diego, CaliforniaJanuary 15, 2022 San Diego warmly welcomed CITS Information Technology to be a new and better choice for...
Ransomware – Affecting the Future of your Business
What is Ransomware? Ransomware (definition): An online attack perpetrated by cybercriminals who demand a ransom to release their hold on encrypted or stolen data. In the past decade, attacks that fall under the ‘ransomware’ umbrella have evolved from a consumer-level...