Cybersecurity Advisory: In-depth reports covering a specific cybersecurity issue, often including threat actor tactics, techniques, and procedures; indicators of compromise; and mitigations.
Alert: Concise summaries covering cybersecurity topics, such as mitigations that vendors have published for vulnerabilities in their products.
ICS Advisory: Concise summaries covering industrial control system (ICS) cybersecurity topics, primarily focused on mitigations that ICS vendors have published for vulnerabilities in their products.
ICS Medical Advisory: Concise summaries covering ICS medical cybersecurity topics, primarily focused on mitigations that ICS medical vendors have published for vulnerabilities in their products.
Analysis Report: In-depth analysis of a new or evolving cyber threat, including technical details and remediations.
- General Password Management
- Sierra Password Instructions
- Website Passwords
- For MHLS-managed sites, please open a ticket with Tech Support by emailing techsupport@midhudsosn.org
- Your website password should be managed by as few people as possible, and it should be changed whenever staff change and at regular intervals of no more than 180 days.
- Storing Data: Files that are important to your organization, those that cannot be recreated, and those that you have invested time in, should be stored thoughtfully and maintained.
- Local files, stored on your computer, are at risk. Physical risk is always a possibility with local storage. A fire, theft or other event could result in loss. Malware and ransomware attacks are only a threat to files that can be reached directly through a computer or network.
- Cloud storage – using cloud-based storage not only secures your data from physical harm, it is also a way to safely collaborate and manage backups.
- External storage – you could store important files on an external drive, but you must actively update it and move it to a remote location.
- Backup: The best way to insulate yourself from malware and ransomware attacks is to have a copy of your files.
- Back up to the cloud or to an external device that is not on your network.
- Maintain a rolling backup. Once you detect an attack, you may need earlier backups to retrieve files as they were before the attack. Keeping a week or more of backups will provide that insurance. Cloud storage sites should be able to provide you with this information upfront.
- Keep your operating system, browsers, and other software up to date to ensure that you are able to handle the latest threats. This can keep malware and ransomware out of systems.
Remove access and user accounts to equipment and software when it is no longer required. Staff who have left or changed roles should no longer have access to accounts, information, and data.
ILS and other logins should be removed when staff leave.
The first step to avoiding attacks is to understand them!
- Ransomware
https://www.cisa.gov/stopransomware (official US site, complete with prevention, recovery and reporting)
- Phishing
- Websites
- Documents
Click here to find several no-cost resources to help you take a proactive approach to protecting your organization against ransomware.
Ransomware
The best resource on Ransomware can be found at https://www.cisa.gov/stopransomware
Remove the device from network access (Quarantine), but do not turn it off or clean the device until you have gathered any forensic information that you or a hired investigation team may need.
- Notify affected parties (MHLS if Sierra passwords were compromised) and update passwords.
- Begin evaluating the network for spread
- Secure copies of your most recent backups.
- Do you pay the ransom? That is a choice you need to consider based on the prevention measures you have in place and the value of the data. While it may be irksome, the ransom may be less than the replacement and legal costs, depending on the nature of the data. Paying the ransom isn’t an insurance policy against future attacks either.
- Wipe and restore any affected hardware. Install your backup files. Immediately run anti-malware software to detect any further traces. Some attacks lie dormant in your files and can exist in backups that predate your first experience with the attack.
- Close up the security gaps that made you vulnerable. This includes security measures and training.
- Make an official report https://www.cisa.gov/stopransomware/report-ransomware-0
Phishing
If you have been hooked, your earliest actions are important.
- Disconnect your device from the internet and run anti-malware software to detect any possible security threats.
- Identify the information that was compromised
- Notify affected parties (MHLS if Sierra passwords were compromised) and update passwords.
- Report the incident to the administration immediately, so that they can alert the vendor or parties affected.
- If financial information is compromised, update accounts and consider setting account blocks with credit score agencies like Experian.
- Make an official report https://us-cert.cisa.gov/report
Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent months, ransomware has dominated the headlines, but incidents among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations have been growing for years.
Malicious actors continue to adapt their ransomware tactics over time. Federal agencies remain vigilant in maintaining awareness of ransomware attacks and associated tactics, techniques, and procedures across the country and around the world.
Have you been hit by ransomware? The Ransomware Response Checklist from the updated #StopRansomware Guide is your next stop.
Click to access: A common set of protections that all critical infrastructure entities – from large to small – should implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques.
- Identify: Develop an organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
- Protect: Develop and implement the appropriate safeguards to ensure delivery of services.
- Detect: Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
- Respond: Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
- Recover: Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.
Secure Our World is a program that offers resources and advice to stay safe online. Click the link to find tips in other languages.