Ransomware & Incident Response
Ransomware is a business interruption event. The technology is only half the fight.
Core Principles
- Assume Breach: design for containment
- Immutable backups: protect restore points
- Least Privilege: reduce blast radius
- Logging: know what happened
TEK918 Incident Response Support
- Triage and containment guidance
- Recovery planning and execution
- Post-incident hardening
- Documentation for insurance/compliance needs
Practical Defenses
- MFA where it matters most
- Separate admin accounts
- Patch cadence with verification
- Network segmentation
- Tested restores
