Sunday, August 14, 2022

The 2022 Ransomware Survival Guide

The most important part is still the steps Before the attack.


Before the attack

  • Back up and restore
  • Update and patch: Keep operating systems, security software (AV / Endpoint Protection Software), applications and network hardware patched and up to date.
  • Invest in robust people-centric security solutions (#Me: e.g. SIEM, email security solutions...)
    • Employee training and awareness... people should know what to do, what not to do, how to avoid ransomware and how to report it....
  • Plan your response



During & After the attack 


This consists of the following:

* Call law enforcement
* Disconnect from the network
If the ransomware has already made its way to a server, the security team should isolate it as quickly as possible and map out a response.

* Implement your planned response (follow the plan drawn up in Before the attack)
* ...
* Restore from backup

* Cleanup

* Review and reinforce > carry out a top-to-bottom security assessment.
* Post-mortem review > to determine the origin and the cause of the infection.

* Assess user awareness & Education and training
* Phishing simulation

* Reinforce your technology defences (~ improve the technology)
* e.g.: SIEM > SOC > SOAR

* Secure email GW: systems are the first lines of defence; people are the last line, but they must be the strongest one (Make your people a strong last line of defence)

* People should know what to do, what not to do, how to avoid ransomware and how to report it. 

* If anyone receives a ransomware demand, they should know to immediately report it to the security team...

 

Plan your response

* "containment and recovery"

* "Critical questions such as: who needs to be informed, how to maintain communications, and how much are you willing to pay (if you’re willing to pay at all) are harder to answer in real time. This pressure creates potential bottlenecks in decision-making and leads to costly delays. Should you decide to pay the ransom, you’ll need to map out an appropriate process that includes key executives, operational staff and legal counsel."

* Response team
* Maintain visibility using a separate log system
* Communication 
* ... 

(Content and figures: referenced from Proofpoint - The 2022 Ransomware Survival Guide)




1 comment:

Mr Society said...

I wish the post had a few more appendices to refer to.