The six most important steps of an Incident Response Plan
The SANS Institute, the world's leading provider of cyber security training and certification, has published the results of the SANS 2021 Ransomware Detection and Incident Response Report. The study examines how ransomware differs from other cyber attacks and how those differences can be used against it.
These differences open up opportunities to detect ransomware actors early in the attack lifecycle and to make it harder for them to reach the final stage: encrypting files and locking systems. Security teams that recognize these opportunities can secure their networks and detect malicious activity more easily.
Ransomware groups usually follow the same pattern:
- they look for systems that provide critical access paths and compromise them to establish entry points (usually remote access solutions).
- they launch email phishing campaigns.
- they exploit known vulnerabilities.
Matt Bromiley, study author and SANS instructor
"When a company discovers a ransomware incident in its environment, it is of paramount importance that it acts quickly to deal with the threat. This does not mean that a company would be slow to respond to a threat. However, as soon as a ransomware message is received, the clock is ticking. Companies should therefore be able to pull a six-stage incident response process out of the drawer in an emergency," says study author and SANS instructor Matt Bromiley.
The six most important steps of an incident response plan are as follows:
- Preparation: drawing up the response plan
- Identification: recognizing the threat
- Containment: stopping the infection from spreading
- Eradication: removing the threat from affected systems
- Recovery: restoring lost systems and data
- Lessons learned: feeding the findings back into the response plan
You can find out more about the study in the webcast on November 16: https://www.sans.org/webcasts/sans-2021-ransomware-detection-and-incident-response-report/
The study was sponsored by Anomali, Blue Hexagon, Cisco Secure, Corelight, Deepwatch, Egress, Palo Alto Networks, Rapid7, Recorded Future and Red Canary.