US CISA issues ICS ransomware factsheet. Recommendations include:
Prepare:
- ID critical processes & equipment
- Develop and test response plan
- Ensure adequate backups in place
Mitigate:
- Practice cyber hygiene (patching, whitelisting, user management, MFA etc)
- Network segmentation
- Vigilent network monitoring
Respond:
- Isolate impacted systems
- Power down where isolation is not possible
- Triage and restore impacted systems
- Obtain specialist third party assistance
- Take a forensic image
- Obtain decryptors via legal routes