After - Recovery and Post-Incident Activity
- Reset authorization credentials including passwords.
- Confirm that the infected device has been completely cleaned and reinstall the operating system.
- Before using the backup to restore, it is necessary to confirm that the backup does not contain any malicious software. If the backup and the equipment connected to it are very clean, the restoration should only be performed from the backup.
- Connect the device to a clean network to download, install, and update the operating system and all other software.
- Install, update and run antivirus software.
- It is recommended to share attack event information through TWCERT/CC (de-identification) to help other domestic and foreign enterprises and organizations prevent related attacks and reduce the impact of ransomware.
- Making improvement plan and execute according based on the cause of ransom and hacking.