US CISA issues ICS ransomware factsheet.  Recommendations include:


  • ID critical processes & equipment
  • Develop and test response plan
  • Ensure adequate backups in place


  • Practice cyber hygiene (patching, whitelisting, user management, MFA etc)
  • Network segmentation
  • Vigilent network monitoring


  • Isolate impacted systems
  • Power down where  isolation is not possible
  • Triage and restore impacted systems
  • Obtain specialist third party assistance
  • Take a forensic image
  • Obtain decryptors via legal routes