home.aspx
 
. https://blogs.cisco.com/security/practical-ways-to-reduce-ransomware-impact-actions-you-can-take-today
blog article
PRACTICAL WAYS TO REDUCE RANSOMWARE IMPACT: ACTIONS YOU CAN TAKE TODAY
During the past year, Cisco Security Incident Response Services has provided emergency incident response services for many customers dealing with incidents that sometimes become a ransomware event. In many cases, we were engaged by the company at the first sign of trouble and were able to help contain the initial incident and reduce the ability of the attacker to shift to a ransomware phase. In other incidents, we were asked to help long after the attackers were in the environment and the systems were already encrypted. If we follow the standard attack lifecycle (Figure 1), the first step that we need to consider is how we would address the initial attack vector. For this blog post, let us assume the initial access vector is email (which we have observed is often the case). Initial Attack The first thing to consider is intelligence-based email monitoring and filtering. An example of this would be the Cisco Email Security Appliance (ESA) product which integrates Cisco Talos threat intelligence into an active email inspection platform. READ MORE