{"id":516,"date":"2023-09-19T13:41:52","date_gmt":"2023-09-19T13:41:52","guid":{"rendered":"https:\/\/dev.cryptoloc.au\/?p=516"},"modified":"2023-09-25T01:04:00","modified_gmt":"2023-09-25T01:04:00","slug":"what-to-do-in-the-event-of-a-breach","status":"publish","type":"post","link":"https:\/\/127.0.0.1\/what-to-do-in-the-event-of-a-breach\/","title":{"rendered":"What to do in the event of a breach"},"content":{"rendered":"<div>\n<h1>What to do in the event of a breach<\/h1>\n<\/div>\n<div>Recovery from a ransomware attack can be a challenging and sometimes costly process. The recovery process can vary dramatically depending on whether you have no protection at all versus having backups and a file recovery system in place. Here\u2019s a comparison:<\/div>\n<div>Without Cryptoloc Protection<\/div>\n<ul>\n<li>\n<h3>Identification<\/h3>\n<p>Step 1<\/p>\n<div>The first step is to recognize that you\u2019ve been hit by ransomware. This could be through a ransom note displayed on your screen or by finding encrypted files.<\/div>\n<\/li>\n<li>\n<h3>Isolation<\/h3>\n<p>Step 2<\/p>\n<div>Once identified, you should immediately disconnect the affected devices from the network to prevent the spread of ransomware to other connected devices.<\/div>\n<\/li>\n<li>\n<h3>Assessment<\/h3>\n<p>Step 3<\/p>\n<div>Determine the extent of the damage. Which files have been encrypted? What kind of ransomware is it?<\/div>\n<\/li>\n<li>\n<h3>Decryption Options<\/h3>\n<p>Step 4<\/p>\n<div>Some ransomware variants have publicly available decryption tools thanks to cybersecurity researchers. It\u2019s worth checking if a tool is available for your ransomware variant.<\/div>\n<\/li>\n<li>\n<h3>Paying the Ransom<\/h3>\n<p>Step 5<\/p>\n<div>This is a controversial step. The Australian Cyber Security Centre strongly advises against paying a ransom. Paying the ransom doesn\u2019t guarantee that you\u2019ll get your files back, and it encourages and funds the cybercriminals. However, for some businesses or individuals, it might be seen as the only option, especially if the data is critical and irreplaceable.<\/div>\n<\/li>\n<li>\n<h3>Clean-Up<\/h3>\n<p>Step 6<\/p>\n<div>If you decide not to pay or even after retrieving your files (if the attackers keep their promise), you\u2019ll need to clean the affected system(s). This typically involves wiping the system and reinstalling the operating system and applications from scratch.<\/div>\n<\/li>\n<li>\n<h3>Data Loss<\/h3>\n<p>Step 7<\/p>\n<div>If you have no backups and can\u2019t decrypt the data, you may have to accept that you have permanently lost all your data.<\/div>\n<\/li>\n<li>\n<h3>Post-Incident Analysis and Prevention<\/h3>\n<p>Step 7<\/p>\n<div>Understand how the attack happened and implement learnings from your experience to be able to prevent future incidents and recover faster and easier.<\/div>\n<\/li>\n<\/ul>\n<div>With Cryptoloc Protection<\/div>\n<ul>\n<li>\n<h3>Identification<\/h3>\n<p>Step 1<\/p>\n<div>The first step is to recognize that you\u2019ve been hit by ransomware. This could be through a ransom note displayed on your screen or by finding encrypted files.<\/div>\n<\/li>\n<li>\n<h3>Assessment<\/h3>\n<p>Step 2<\/p>\n<div>You\u2019d still assess the damage, but you can access of your files live on the Cryptoloc Cloud to view your incident response plan or carry on normal business operations.<\/div>\n<\/li>\n<li>\n<h3>Restoration<\/h3>\n<p>Step 3<\/p>\n<div>Restore the infected devices and with Cryptoloc backup and file recovery system in place, you can restore your system and user files from any point before the ransomware attack. This significantly reduces the downtime and loss.<\/div>\n<\/li>\n<li>\n<h3>Validation<\/h3>\n<p>Step 4<\/p>\n<div>Using a file-based backup system ensures that the backups being restored are clean and free of ransomware or any other malware.<\/div>\n<\/li>\n<li>\n<h3>Post-Incident Analysis and Prevention<\/h3>\n<p>Step 5<\/p>\n<div>Analyse the breach and put in place any preventative measures identified. Having a backup is essential, but prevention is always better. Check to ensure all essential files and data are under Cryptoloc\u2019s protection.<\/div>\n<\/li>\n<li>\n<h3>Regular Backup Checks<\/h3>\n<p>Step 6<\/p>\n<div>Access the Cryptoloc Cloud and check the status of all your backups on a single easy-to-view page to confirm their successful execution.<\/div>\n<\/li>\n<\/ul>\n<div>\n<p><span>Having a robust backup and recovery system is one of the most effective measures against ransomware. Regular backups can save you significant time, money, and stress in the event of an attack. Additionally, always ensure to keep your software updated, use a good security solution, and train employees or users about the risks of phishing emails and suspicious attachments.<\/span><\/p>\n<\/div>\n<div>\n<\/div>\n<p><!--more--><br \/>\n<!-- {\"type\":\"layout\",\"children\":[{\"type\":\"section\",\"props\":{\"image_position\":\"center-center\",\"padding\":\"xsmall\",\"padding_remove_top\":false,\"style\":\"default\",\"title_breakpoint\":\"xl\",\"title_position\":\"top-left\",\"title_rotation\":\"left\",\"vertical_align\":\"middle\",\"width\":\"xlarge\"},\"children\":[{\"type\":\"row\",\"props\":{\"css\":\".el-row{\\n    margin: 0px;\\n}\"},\"children\":[{\"type\":\"column\",\"props\":{\"css\":\".el-column{\\n    padding-left: 0px !important;\\n}\",\"image_position\":\"center-center\",\"position_sticky_breakpoint\":\"m\",\"style\":\"card-secondary\",\"vertical_align\":\"middle\"},\"children\":[{\"type\":\"panel\",\"props\":{\"content_column_breakpoint\":\"m\",\"css\":\".el-title{\\n    color:#fff;\\n}\",\"icon_width\":80,\"image_align\":\"top\",\"image_grid_breakpoint\":\"m\",\"image_grid_width\":\"1-2\",\"image_svg_color\":\"emphasis\",\"link_style\":\"default\",\"link_text\":\"Read more\",\"margin\":\"default\",\"meta_align\":\"below-title\",\"meta_element\":\"div\",\"meta_style\":\"text-meta\",\"text_align\":\"center\",\"title\":\"What to do in the event of a breach\",\"title_align\":\"top\",\"title_element\":\"h1\",\"title_grid_breakpoint\":\"m\",\"title_grid_width\":\"1-2\",\"title_hover_style\":\"reset\",\"title_style\":\"h2\"}}]}]}],\"name\":\"Post Title\"},{\"type\":\"section\",\"props\":{\"image_position\":\"center-center\",\"padding\":\"xsmall\",\"padding_remove_top\":false,\"style\":\"default\",\"title_breakpoint\":\"xl\",\"title_position\":\"top-left\",\"title_rotation\":\"left\",\"vertical_align\":\"middle\",\"width\":\"xlarge\"},\"children\":[{\"type\":\"row\",\"props\":{\"css\":\".el-row{\\n    margin: 0px;\\n}\\n\\n\"},\"children\":[{\"type\":\"column\",\"props\":{\"css\":\".el-column{\\n    padding-left: 0px !important;\\n}\",\"image_position\":\"center-center\",\"position_sticky_breakpoint\":\"m\",\"style\":\"card-default\",\"vertical_align\":\"middle\"},\"children\":[{\"type\":\"text\",\"props\":{\"column_breakpoint\":\"m\",\"content\":\"Recovery from a ransomware attack can be a challenging and sometimes costly process. The recovery process can vary dramatically depending on whether you have no protection at all versus having backups and a file recovery system in place. Here\\u2019s a comparison:\",\"margin\":\"default\"}},{\"type\":\"headline\",\"props\":{\"content\":\"Without Cryptoloc Protection\",\"margin_remove_bottom\":true,\"text_align\":\"center\",\"title_color\":\"secondary\",\"title_element\":\"div\",\"title_style\":\"h3\"}},{\"type\":\"grid\",\"props\":{\"content_column_breakpoint\":\"m\",\"css\":\".el-item{\\n    background-color: #f5f7fa;\\n}\",\"filter_align\":\"left\",\"filter_all\":true,\"filter_grid_breakpoint\":\"m\",\"filter_grid_width\":\"auto\",\"filter_position\":\"top\",\"filter_style\":\"tab\",\"grid_default\":\"1\",\"grid_medium\":\"4\",\"icon_width\":80,\"image_align\":\"top\",\"image_grid_breakpoint\":\"m\",\"image_grid_width\":\"1-2\",\"image_svg_color\":\"emphasis\",\"item_animation\":true,\"link_style\":\"default\",\"link_text\":\"Read more\",\"margin\":\"default\",\"meta_align\":\"above-title\",\"meta_color\":\"muted\",\"meta_element\":\"div\",\"meta_style\":\"text-meta\",\"panel_padding\":\"default\",\"panel_style\":\"card-default\",\"show_content\":true,\"show_image\":true,\"show_link\":true,\"show_meta\":true,\"show_title\":true,\"title_align\":\"top\",\"title_element\":\"h3\",\"title_grid_breakpoint\":\"m\",\"title_grid_width\":\"1-2\",\"title_hover_style\":\"reset\",\"title_margin\":\"small\"},\"children\":[{\"type\":\"grid_item\",\"props\":{\"content\":\"The first step is to recognize that you\\u2019ve been hit by ransomware. This could be through a ransom note displayed on your screen or by finding encrypted files.\",\"meta\":\"Step 1\",\"title\":\"Identification\"}},{\"type\":\"grid_item\",\"props\":{\"content\":\"Once identified, you should immediately disconnect the affected devices from the network to prevent the spread of ransomware to other connected devices.\",\"meta\":\"Step 2\",\"title\":\"Isolation\"}},{\"type\":\"grid_item\",\"props\":{\"content\":\"Determine the extent of the damage. Which files have been encrypted? What kind of ransomware is it?\",\"meta\":\"Step 3\",\"title\":\"Assessment\"}},{\"type\":\"grid_item\",\"props\":{\"content\":\"Some ransomware variants have publicly available decryption tools thanks to cybersecurity researchers. It\\u2019s worth checking if a tool is available for your ransomware variant.\",\"meta\":\"Step 4\",\"title\":\"Decryption Options\"}},{\"type\":\"grid_item\",\"props\":{\"content\":\"This is a controversial step. The Australian Cyber Security Centre strongly advises against paying a ransom. Paying the ransom doesn\\u2019t guarantee that you\\u2019ll get your files back, and it encourages and funds the cybercriminals. However, for some businesses or individuals, it might be seen as the only option, especially if the data is critical and irreplaceable.\",\"meta\":\"Step 5\",\"title\":\"Paying the Ransom\"}},{\"type\":\"grid_item\",\"props\":{\"content\":\"If you decide not to pay or even after retrieving your files (if the attackers keep their promise), you\\u2019ll need to clean the affected system(s). This typically involves wiping the system and reinstalling the operating system and applications from scratch.\",\"meta\":\"Step 6\",\"title\":\"Clean-Up\"}},{\"type\":\"grid_item\",\"props\":{\"content\":\"If you have no backups and can\\u2019t decrypt the data, you may have to accept that you have permanently lost all your data.\",\"meta\":\"Step 7\",\"title\":\"Data Loss\"}},{\"type\":\"grid_item\",\"props\":{\"content\":\"Understand how the attack happened and implement learnings from your experience to be able to prevent future incidents and recover faster and easier.\",\"meta\":\"Step 7\",\"title\":\"Post-Incident Analysis and Prevention\"}}]},{\"type\":\"headline\",\"props\":{\"content\":\"With Cryptoloc Protection\",\"margin\":\"medium\",\"margin_remove_bottom\":true,\"text_align\":\"center\",\"title_color\":\"secondary\",\"title_element\":\"div\",\"title_style\":\"h3\"}},{\"type\":\"grid\",\"props\":{\"content_column_breakpoint\":\"m\",\"css\":\".el-item{\\n    background-color: #f5f7fa;\\n}\",\"filter_align\":\"left\",\"filter_all\":true,\"filter_grid_breakpoint\":\"m\",\"filter_grid_width\":\"auto\",\"filter_position\":\"top\",\"filter_style\":\"tab\",\"grid_default\":\"1\",\"grid_medium\":\"4\",\"icon_width\":80,\"image_align\":\"top\",\"image_grid_breakpoint\":\"m\",\"image_grid_width\":\"1-2\",\"image_svg_color\":\"emphasis\",\"item_animation\":true,\"link_style\":\"default\",\"link_text\":\"Read more\",\"margin\":\"default\",\"meta_align\":\"above-title\",\"meta_color\":\"muted\",\"meta_element\":\"div\",\"meta_style\":\"text-meta\",\"panel_padding\":\"default\",\"panel_style\":\"card-default\",\"show_content\":true,\"show_image\":true,\"show_link\":true,\"show_meta\":true,\"show_title\":true,\"title_align\":\"top\",\"title_element\":\"h3\",\"title_grid_breakpoint\":\"m\",\"title_grid_width\":\"1-2\",\"title_hover_style\":\"reset\",\"title_margin\":\"small\"},\"children\":[{\"type\":\"grid_item\",\"props\":{\"content\":\"The first step is to recognize that you\\u2019ve been hit by ransomware. This could be through a ransom note displayed on your screen or by finding encrypted files.\",\"meta\":\"Step 1\",\"title\":\"Identification\"}},{\"type\":\"grid_item\",\"props\":{\"content\":\"You\\u2019d still assess the damage, but you can access of your files live on the Cryptoloc Cloud to view your incident response plan or carry on normal business operations.\",\"meta\":\"Step 2\",\"title\":\"Assessment\"}},{\"type\":\"grid_item\",\"props\":{\"content\":\"Restore the infected devices and with Cryptoloc backup and file recovery system in place, you can restore your system and user files from any point before the ransomware attack. This significantly reduces the downtime and loss.\",\"meta\":\"Step 3\",\"title\":\"Restoration\"}},{\"type\":\"grid_item\",\"props\":{\"content\":\"Using a file-based backup system ensures that the backups being restored are clean and free of ransomware or any other malware.\",\"meta\":\"Step 4\",\"title\":\"Validation\"}},{\"type\":\"grid_item\",\"props\":{\"content\":\"Analyse the breach and put in place any preventative measures identified. Having a backup is essential, but prevention is always better. Check to ensure all essential files and data are under Cryptoloc\\u2019s protection.\",\"meta\":\"Step 5\",\"title\":\"Post-Incident Analysis and Prevention\"}},{\"type\":\"grid_item\",\"props\":{\"content\":\"Access the Cryptoloc Cloud and check the status of all your backups on a single easy-to-view page to confirm their successful execution.\",\"meta\":\"Step 6\",\"title\":\"Regular Backup Checks\"}}]},{\"type\":\"text\",\"props\":{\"column_breakpoint\":\"m\",\"content\":\"\n\n<p><span>Having a robust backup and recovery system is one of the most effective measures against ransomware. Regular backups can save you significant time, money, and stress in the event of an attack. Additionally, always ensure to keep your software updated, use a good security solution, and train employees or users about the risks of phishing emails and suspicious attachments.<\\\/span><\\\/p>\",\"margin\":\"default\"}}]}]}],\"name\":\"Post Section\"},{\"type\":\"section\",\"props\":{\"image_position\":\"center-center\",\"padding\":\"xsmall\",\"style\":\"default\",\"title_breakpoint\":\"xl\",\"title_position\":\"top-left\",\"title_rotation\":\"left\",\"vertical_align\":\"middle\",\"width\":\"xlarge\"},\"children\":[{\"type\":\"row\",\"children\":[{\"type\":\"column\",\"props\":{\"image_position\":\"center-center\",\"position_sticky_breakpoint\":\"m\"},\"children\":[{\"type\":\"grid\",\"props\":{\"content_align\":false,\"content_column_breakpoint\":\"m\",\"css\":\".uk-card-media-left{\\n    border-radius: 0px;\\n}\\n\\n.el-image{\\n    border-radius: 2.5em 2.5em 0 0;\\n}\",\"filter_align\":\"left\",\"filter_all\":true,\"filter_grid_breakpoint\":\"m\",\"filter_grid_width\":\"auto\",\"filter_position\":\"top\",\"filter_style\":\"tab\",\"grid_default\":\"1\",\"grid_masonry\":false,\"grid_medium\":\"5\",\"grid_small\":\"2\",\"icon_width\":\"60\",\"image_align\":\"top\",\"image_grid_breakpoint\":\"m\",\"image_grid_width\":\"auto\",\"image_link\":true,\"image_svg_color\":\"emphasis\",\"item_animation\":true,\"link_style\":\"text\",\"link_text\":\"Read more\",\"margin\":\"default\",\"meta_align\":\"below-title\",\"meta_element\":\"div\",\"meta_style\":\"text-meta\",\"panel_image_no_padding\":true,\"panel_link\":false,\"panel_padding\":\"default\",\"panel_style\":\"card-secondary\",\"show_content\":false,\"show_image\":false,\"show_link\":true,\"show_meta\":true,\"show_title\":true,\"title_align\":\"top\",\"title_element\":\"h3\",\"title_grid_breakpoint\":\"m\",\"title_grid_width\":\"1-2\",\"title_hover_style\":\"reset\",\"title_link\":true,\"title_style\":\"h4\"},\"children\":[{\"type\":\"grid_item\",\"props\":{\"icon\":\"\"},\"source\":{\"query\":{\"name\":\"posts.customPosts\",\"arguments\":{\"terms\":[1],\"category_operator\":\"IN\",\"post_tag_operator\":\"IN\",\"users\":[],\"users_operator\":\"IN\",\"offset\":0,\"limit\":5,\"order\":\"date\",\"order_direction\":\"DESC\"}},\"props\":{\"title\":{\"filters\":{\"search\":\"\"},\"name\":\"title\"},\"image\":{\"filters\":{\"search\":\"\"},\"name\":\"featuredImage.url\"},\"meta\":{\"filters\":{\"search\":\"\",\"date\":\"\"},\"name\":\"date\"},\"content\":{\"filters\":{\"search\":\"\",\"limit\":100},\"name\":\"excerpt\"},\"link\":{\"filters\":{\"search\":\"\"},\"name\":\"link\"}}}}]}]}]}],\"name\":\"Post List\"}],\"version\":\"4.0.7\"} --><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What to do in the event of a breach Recovery from a ransomware attack can be a challenging and sometimes costly process. The recovery process can vary dramatically depending on whether you have no protection at all versus having backups and a file recovery system in place. Here\u2019s a comparison: Without Cryptoloc Protection Identification Step [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":564,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/516"}],"collection":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=516"}],"version-history":[{"count":19,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/516\/revisions"}],"predecessor-version":[{"id":1008,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/516\/revisions\/1008"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/media\/564"}],"wp:attachment":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=516"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=516"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=516"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}