CSIRT

INCIDENT RESPONSE

INNOVERY HELPS YOU IN THE RECOVERY PROCESS OF YOUR SYSTEMS AND DATA

Innovery CSIRT assists its customers in handling the technical and organizational aspects of incidents. In particular, it provides assistance or advice with respect to the following steps of the incident management process.

STEP 1 – ANALYSIS

Gain an understanding of the information security incident and its actual and potential impact, in order to identify the underlying issues that allowed the successful attack and draft a remediation plan. Detailed analysis is often complex and time-consuming; in fact, this step may continue in parallel while the following actions are taken.

STEP 2 – CONTAINMENT

Implementing measures that ensure an information security incident does not spread any further, i.e. that it remains confined to the currently affected system, users, and/or domains, so that no further losses (including leakage of documents, changes to databases or data, etc.) can occur.

STEP 3 – ERADICATION

Removing malware, ransomware and other persistence mechanisms. Implementing changes in the affected domain, infrastructure, or network necessary to fix and prevent this type of activity from recurring. In any phase we may provide direct (onsite) assistance to help you in the process.

STEP 4 – RECOVERY 

Restoring the integrity of affected systems and returning the affected data, systems, and networks to a non-degraded operational state, restoring the impacted services to full functionality. 

Measures are applied to close any detected vulnerabilities or weaknesses that contributed to the original information security incident. Detection and reaction measures are improved as recommended by the response plan.

WHAT TO DO IF YOU ARE ATTACKED BY RANSOMWARE?

Once a system has been identified as potentially infected, it should be immediately removed from your networks (including WiFi connections), and either shut down or, better, hibernated so as not to interfere with the collection of evidence for forensic analysis, but at the same time minimizing the risk of the ransomware continuing the encryption process.

At Innovery we can help you manage breaches of varying degrees and complexity, removing them and trying to restore your data.

Here is a list of the most common and frequent malware:

  • Dharma
  • GandCrab
  • Sodinokibi / REvil
  • Locky
  • WannaCry
  • PCLock
  • Maktub
  • TeslaCrypt
  • Cerber
  • Makop
  • DMA Locker
  • Coverton
  • CTB Locker
  • KeRanger
  • LeChiffre
  • Shade
  • Rannoh
  • Avaddon
  • Lockbit 2.0
  • RansomExx

Do you recognize the malware that attacked you?

Tip: don’t pay the ransom! By sending your money to the hackers, you confirm that the ransomware is working, and there is no guarantee that you will receive the key to decrypt.

Choose to rely on Innovery in this battle!

Thanks to our more than twenty years of experience, we have managed in most cases to recover 100% of the encrypted data.
