SANS 2021 Ransomware Detection and Incident Response Report

Rapid7
Published by: Research Desk Released: Feb 08, 2022

Having a plan in place is critical for an effective response to a cyber incident. Incident response (IR) plans help guide an organization when an adversary has taken a foothold in their environment. They are designed to help the security team successfully identify, scope, eradicate, and recover from threats to their environment. For many, their plans work well—if the adversary’s goal is to maintain a long-term foothold and remain stealthy.

However, what if the adversary was not interested in a long-term foothold, and their goal was not to slowly extract data out of the environment? In recent years, we’ve seen a significant rise in exactly these types of attacks: ransomware.

In this report, we will address ransomware attacks head-on. These are a different type of attack and thus require that we approach incident detection and response differently.