Phase two – discovering the impact
Once we have validated that we have been affected by a ransomware attack, we need to understand the impact of the attack. How many endpoints and how many servers have been compromised?
It should be noted that, in addition to the technical investigation, there are notification duties. If your organization is subject to the GDPR (it is established in the EU, or it processes the personal data of people in the EU), a ransomware incident that affects personal data, including loss of access to it, is a personal data breach: under Article 33 you must notify the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of the individuals concerned. In addition, you should contact local law enforcement.
Here are the steps involved:
- Establish how you can tell that ransomware is present on a machine: a changed desktop background or ransom note, ransom-note files dropped into directories, or files renamed with a new extension. If files on a machine have had their extension changed to CRYPT or to another unfamiliar extension, that extension is the first clue to which ransomware variant you are dealing with and a way to determine whether...
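The extension check above only works for families whose extension you already recognise. The script below is an added triage example (not code from the original page) that walks a directory tree, such as a mounted share or a copied user profile, and reports three indicators per host: files with a known ransomware extension, files with a ransom-note style name, and files whose content is near-random (Shannon entropy close to 8 bits per byte, which is what encrypted output looks like). It also reports any extension shared by several high-entropy files, which catches variants whose extension is not on the list. The extension list, the note-name keywords, the threshold and the sample files are all constructed assumptions for illustration; replace them with your own threat intelligence.

```python
import math
import os
import tempfile
from collections import Counter, defaultdict
from pathlib import Path

# Hypothetical starter list of extensions appended by ransomware families.
# Extend it from your own threat intel; it is not authoritative.
KNOWN_RANSOM_EXTENSIONS = {".crypt", ".locked", ".encrypted", ".enc"}

# Ransom notes are usually loud about what they are.
NOTE_KEYWORDS = ("decrypt", "readme", "how_to", "recover", "restore")

# Bits per byte. Plain documents sit well below; ciphertext approaches 8.0.
# Compressed archives and media also score high, so treat hits as leads, not proof.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input, max 8.0)."""
    if not data:
        return 0.0
    length = len(data)
    return -sum((c / length) * math.log2(c / length) for c in Counter(data).values())


def classify_file(path: Path, sample_size: int = 4096) -> dict:
    """Indicators for a single file: known extension, ransom-note name, entropy of the head."""
    name = path.name.lower()
    with path.open("rb") as fh:
        head = fh.read(sample_size)
    return {
        "path": str(path),
        "known_ext": path.suffix.lower() in KNOWN_RANSOM_EXTENSIONS,
        "ransom_note": any(keyword in name for keyword in NOTE_KEYWORDS),
        "entropy": round(shannon_entropy(head), 2),
    }


def scan_tree(root: str) -> dict:
    """Walk root and summarise ransomware indicators for this host or share."""
    hits = []
    high_entropy_by_ext = defaultdict(int)
    for dirpath, _, filenames in os.walk(root):
        for filename in filenames:
            info = classify_file(Path(dirpath) / filename)
            high_entropy = info["entropy"] >= ENTROPY_THRESHOLD
            if high_entropy:
                high_entropy_by_ext[Path(filename).suffix.lower()] += 1
            if info["known_ext"] or info["ransom_note"] or high_entropy:
                hits.append(info)
    return {
        "encrypted_files": sum(
            1 for h in hits if h["known_ext"] or h["entropy"] >= ENTROPY_THRESHOLD
        ),
        "ransom_notes": sum(1 for h in hits if h["ransom_note"]),
        # An extension shared by two or more high-entropy files is a candidate
        # ransomware extension even if it is not on the known list.
        "suspect_extensions": sorted(e for e, n in high_entropy_by_ext.items() if n >= 2),
        "hits": hits,
    }


def build_sample_tree() -> str:
    """Constructed sample share for demonstration: four 'encrypted' files (two with a
    known .crypt extension, two with an unknown .zzz extension), one ransom note and
    one clean document. The ciphertext stand-in covers every byte value evenly, which
    gives entropy 8.0, the same as real encrypted output."""
    root = tempfile.mkdtemp(prefix="ransom-triage-")
    fake_ciphertext = bytes(range(256)) * 8
    for name in ("Q3-report.xlsx.crypt", "budget.docx.crypt", "photo1.jpg.zzz", "photo2.jpg.zzz"):
        (Path(root) / name).write_bytes(fake_ciphertext)
    (Path(root) / "HOW_TO_DECRYPT_FILES.txt").write_text("Your files are encrypted.\n")
    (Path(root) / "meeting-notes.txt").write_text("Agenda: budget review.\n" * 20)
    return root


if __name__ == "__main__":
    summary = scan_tree(build_sample_tree())
    print(f"encrypted files: {summary['encrypted_files']}")
    print(f"ransom notes:    {summary['ransom_notes']}")
    print(f"suspect extensions: {summary['suspect_extensions']}")
    for hit in summary["hits"]:
        print(f"  {hit['entropy']:.2f}  {hit['path']}")
```

Run `scan_tree` once per host (or per mounted share) and tally the results to answer the "how many endpoints and how many servers" question; the `suspect_extensions` list from the first few hosts is what you then feed back into `KNOWN_RANSOM_EXTENSIONS` and into your EDR search to find the rest. Entropy alone produces false positives on archives, images and already-encrypted containers, so use it to widen the search, and rely on the extension and ransom-note hits to confirm.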