On a weekend morning, IT staff discovered all systems were down and suspected a ransomware attack. They promptly disconnected the network switch to limit damage and engaged an incident response firm, which confirmed that all virtual machines (VMs) had been encrypted. Jonathon Mayor from Cohesity CERT advises that while most companies initially follow Cohesity’s security hardening guidelines, configuration drift can occur as staff change. He strongly recommends regularly reviewing sensitive accounts and ensuring DataLock retention periods remain appropriate to maintain robust protection against attacks.

Join for free to read