Cyber incidents often happen suddenly and catch enterprises by surprise.
Experts suggest that the following information should be collected calmly in order to let the assistance of judicial investigation units and incident response teams clarify the overall situation of the incident. By doing so, enterprises might be able to reduce losses after cyber incidents.
8 Key Info for Dealing with Cyber Attacks
- Restored executable file (exe).
- Encrypted file and ransom note.
- Memory dump and infected hard drive Image.
- Malicious program samples: such as: ransomware, backdoors, hacking tools, etc.
- Log (Windows event log, firewall log, Exchange log…)
- There is a Powershell script executed on the system.
- Machines or accounts that were added to AD at the time of the breach.
- Extortion details: such as the email used by the attacker, the amount of extortion, the address of the virtual currency wallet, and the record of the negotiation process with the attacker.
With solid technical background and frontline expertise, TeamT5 provides an in-depth investigation and response to real-world cyber-attacks. We identify and research the intruder attacks, the impact and technical cause of the incidents, and recommend solutions or workarounds to assist our clients in recovery and remediation.
If you have needs for incident response, please contact us: https://teamt5.org/en/request-information/
*Image courtesy: Pixabay