1. Notify the general counsel (GC) verbally and have him contact the authorities. Put nothing in writing (or in an e-mail) at this point. Get a witness to observe your preparations.
2. Shut down all network and remote access to the affected machines.
3. Back up all critical systems. Make it complete, not incremental.
4. Make image copies of every relevant file. Burn them onto CDs. Sign and date one copy and give it to your GC.
5. Do the same for related databases including RDB dumps, Windows registries and Linux log files.
6. Let your users back on to the network and resume business.
7. Print out the text files. Make an inventory of the software versions that you’re using. Mark the papers as proprietary and label each sheet with your company’s name, date and IP markings.
8. Hand over the CDs and paper to the investigators and get a receipt. Explain what you did. Make it clear that the business has started up again.

-D.H.

*The author is not a lawyer
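One way to carry out the copying and inventory in steps 4, 5 and 7, as an added example that is not part of the original article: it copies each relevant file into a staging folder for burning to CD and writes an inventory to print and hand over. The SHA-256 check, the MANIFEST.json file, the collector field and the function names are assumptions of this example, not something the article specifies.

```python
import hashlib
import json
import shutil
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large dumps and logs do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve(sources, dest_dir, collector):
    """Copy sources into dest_dir; list a file as copied only if hashes match."""
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    manifest = {"collector": collector, "copied": [], "failed": []}
    manifest["started_utc"] = datetime.now(timezone.utc).isoformat()
    for index, src in enumerate(map(Path, sources)):
        try:
            before = sha256_file(src)
            # Index prefix keeps same-named files from different folders apart.
            target = dest / f"{index:04d}_{src.name}"
            shutil.copy2(src, target)  # copy2 keeps the modification time
            if sha256_file(target) != before:
                raise OSError("copy does not match original")
            manifest["copied"].append({
                "source": str(src), "copy": target.name, "sha256": before,
                "bytes": target.stat().st_size,
                "mtime_utc": datetime.fromtimestamp(
                    src.stat().st_mtime, timezone.utc).isoformat(),
            })
        except OSError as exc:
            manifest["failed"].append({"source": str(src), "error": str(exc)})
    # The manifest travels with the copies; print it for the paper set too.
    (dest / "MANIFEST.json").write_text(json.dumps(manifest, indent=2))
    return manifest


if __name__ == "__main__":
    import sys  # usage: python preserve.py DEST_DIR FILE [FILE ...]
    result = preserve(sys.argv[2:], sys.argv[1], collector="unknown")
    print(len(result["copied"]), "copied,", len(result["failed"]), "failed")
```

Files that cannot be read or whose copy does not match are listed under "failed" rather than silently skipped, so the inventory shows what was not preserved.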