Over the past few months, the Cybereason team has been investigating multiple instances of ransomware attacks against large critical infrastructure providers. This attack highlights an ongoing trend in which ransomware operators no longer simply deploy and detonate their payload; they take their time to maximize their profit per targeted organization by impacting both the availability of multiple machines and the confidentiality of proprietary data.
Reimage any affected machines because of the different persistence mechanisms used.
Change all passwords related to affected services, both browser-based and local applications.
Harden remote access interfaces (RDP, SSH).
We highly recommend every customer enable the following features: