RANSOMWARE – What an Incident Response Team Wants to Know (con’t) ▪ Timeline of incident to date
▪ The number and types of systems affected ▪ Ransomware note / contact with threat actors ▪ Whether any indications data was exfiltrated ▪ Whether any systems have been restored ▪ Recent or pending business events or deadlines ▪ Priority systems: function (i.e., payroll) and content (i.e., trade secrets, PII) ▪ Status of backups ▪ Status and capabilities of local IT team ▪ Insurance status
11
Made with FlippingBook - Online catalogs