Lessons Learned from a Ransomware Attack
Overview
Explore a comprehensive analysis of a ransomware attack on a medium-sized school district in this 29-minute USENIX LISA21 conference talk. Delve into the attack timeline, extent of damage, and recovery process as presented by Ski Kacoroski from Northshore School District. Gain valuable insights into identifying attack symptoms, implementing effective response strategies, and understanding post-attack procedures. Learn crucial preventive measures and mitigation techniques to enhance your organization's cybersecurity posture. Discover the emotional impact, challenges in incident response, and the importance of backup systems, insurance, and specialized contractors. Examine the complexities of managing critical systems, addressing user concerns, and rebuilding infrastructure. Reflect on key lessons learned, including the significance of proper staffing, secure admin practices, and maintaining vigilance in the face of evolving cyber threats.
Syllabus
Introduction
Data Center
Emotional Rollercoaster
Incident Response
Incident Command
Relationships
Backup System
Accidental Backup
Insurance Group
Incident Response Contractor
Tracking Work
Project Manager
Understaffing
Storage Branch
Trial and Error
Virtual Server Templates
Moving Services
Admin Choice Point
Windows Workstations
Critical Systems
End Users
Active Directory
Super User Accounts
Non-Windows Servers
People Make Mistakes
No Longer Safe
Conclusion
What saved us
The silver lining
Taught by
USENIX