As Ransomware Attacks continue to Rise, the FBI has released a new bulletin for Organizations Impacted or Hacked by a Ransomware Attack the FBI Recommends the following immediate Actions, according to an FBI Bulletin Released on July 7, 2021 and Updated Yesterday, July 8, 2021.
The following Actions are Recommended if Your Business is affected by a Ransomware Attack.
- Isolate the infected system: Remove the infected system from all networks, and disable the computer’s wireless, Bluetooth, and any other potential networking capabilities. Ensure all shared and networked drives are disconnected, whether wired or wireless.
- Turn off other computers and devices: Power-off and segregate (i.e., remove from the network) the infected computer(s). Power-off and segregate any other computers or devices that shared a network with the infected computer(s) that have not been fully encrypted by ransomware. If possible, collect and secure all infected and potentially infected computers and devices in a central location, making sure to clearly label any computers that have been encrypted. Powering-off and segregating infected computers and computers that have not been fully encrypted may allow for the recovery of partially encrypted files by specialists. (See Before You Connect a New Computer to the Internet for tips on how to make a computer more secure before you reconnect it to a network.)
- Secure your backups: Ensure that your backup data is offline and secure. If possible, scan your backup data with an antivirus program to check that it is free of malware.
Refer to Joint Cybersecurity Advisory: AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity for more best practices on incident response.
Note: CISA and the FBI do not encourage paying a ransom to criminal actors. Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or may fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered. CISA and FBI urge you to report ransomware incidents to your local FBI field office.
The Advisory was sent on July 7, 2021. Topgallant will update as required.
CISA offers a range of no-cost cyber hygiene services to help CI organizations assess, identify and reduce their exposure to threats, including ransomware. By requesting these services, organizations of any size could find ways to reduce their risk and mitigate attack vectors.0