RANSOMWARE – What an Incident Response Team Will Do ▪ Identify initial point of compromise ▪ Identify indicators of compromise (IOCs), malware and tools used by the threat actors ▪ Determine lateral movement by threat actors ▪ Identify vulnerabilities ▪ Retain and engage with negotiation specialist ▪ Establish a timeline from initial breach of network to deployment of ransomware ▪ Identify folders and files accessed, as well as locate any proof of exfiltration ▪ Draft report of investigation ▪ Provide evidence / opinions relevant for legal/business decisions 12
Made with FlippingBook - Online catalogs