What are symptoms of a ransomware infection?

Free Knowledge Check (SCOR) Answer: Security Concepts Question #1

The symptoms of ransomware on any device are threats to personal/corporate data. Your data may be encrypted with a BitLocker key and not returned until a ransom is paid. Attackers typically ask for crypto or gift cards as payment.

Once payment is given, attackers provide the key to unlock your data.

How to troubleshoot ransomware?

  • Step 1. Containment and isolation. You will need to contain the infection and stop it from spreading to other areas of your network. To do this, find the infected device and disconnect it from the network. (A preventative measure is to use ISE to conduct device posturing. This ensures all devices are up to date with updates and company standards.)
  • Step 2. Disable compromised accounts
  • Step 3. Block malicious IP addresses in FMC

After the Infection

You will need to investigate the origins of the attack and its scope. After finding out the scope, it is time to remediate.

Remediation

You can use Orbital Advanced Search inside Secure Endpoint to conduct forensic inspections across endpoints in your environment. Use Cisco AMP (Secure Endpoint) to check file reputation and analyze malware. (When infected with one thing, there is a chance ransomware attackers could also sneak more attacks in, like CnC or rootkits.)

Reporting:

Depending on the local laws wherever you are, you may need to report the incident to CISA/FBI, though workplaces typically have standards and procedures in place for incidents like this.

Disclaimer:

This content is for educational purposes only.

Not affiliated with or endorsed by Cisco Systems, Inc. This SCOR knowledge check is for educational purposes only and does not represent official exam content. Some links may be affiliate links (e.g., Amazon, eBay) from which I may earn a small commission at no extra cost to you.
