Cyber Attacks – Immediate Steps And Legal Immediate Response Team. CSI: My System.

Author: Mr Amir Iliescu and Nir Feinberg
Profession: Shibolet & Co.

According to press coverage and online resources, in the last 48 hours or so cyber attacks targeted and hit over seventy countries across Europe, the Middle East and Asia. The attack, which seems unprecedented in scale, is reported to have used ransomware (i.e. malware which, once installed, encrypts a user's own data until they pay a ransom) sent by email with an attachment. The particular malware currently reported to be used seems to have already been identified in the past, and Microsoft is said to have already rolled out a patch to address the issue; however, not all users, among them apparently numerous hospital systems, have applied that patch.

As I have written before, while preventing and identifying potential cyber exposure and weak points should be addressed ahead of time, organizations and individuals should also carefully consider in advance their zero-day response once any cyber event has affected their organization or professional account.

The first thing to remember in such instances is that your initial instincts are most often counterproductive (as those reactions are the first things any 'decent' malware expects or targets) and that your computer / systems / accounts are now, effectively, a crime scene (hence the "CSI" heading). So, if you've watched any TV series that deals with crime scenes, you would probably do well to apply some of the fictional lessons with the required changes to adapt to the real world:

Do NOT tamper with a crime scene (which actually means do not turn on, off, save, email or do any other activity in or connecting to the affected systems). Malware often targets your initial response as a means to further its own causes or to trigger automated (definitely not pleasant) responses. The correct technical responses should be...
