One of the top articles I’ve ever read regarding ransomware and recovery was written by a Russian out of Boston, Maria Korolov. Since the majority of ransomware attacks originate in Russia I suppose it helps to speak the language? Only thing I’d add to her article is to emphasis NEVER keep backup appliances authenticated to a domain and never allow Active Directory authentication onto them. Any AD authentication should be TO the destination file or folder path on the source server using a designated AD account. Nothing should ever be allowed to authenticate onto the appliance or backup server using AD authentication. The initial harvest of AD credentials, used to perform most ransomware attacks, makes AD authenticated backup systems vulnerable. To date I’ve brought two enterprise environments back on-line within 24 hours post-encryption, no ransom, no keys with zero forward facing downtime to customers or vendors using locally authenticated backup appliances. The information in Maria’s article lays out how it’s properly done.
https://www.csoonline.com/article/3627828/ransomware-recovery-8-steps-to-successfully-restore-from-backup.html
Subscribe
Login
0 Comments