• Trainguyrom@reddthat.com
    link
    fedilink
    English
    arrow-up
    10
    ·
    1 year ago

    The advice I’ve always heard is disconnect network but leave powered for forensics/recovery. Some ransomware store the decryption key soley in memory, so it is lost upon power loss

    • Haui@discuss.tchncs.de
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      That actually makes sense. We had a ransomware attack once. We also disconnected the device but I cant remember if we powered it off. At the time it stopped encrypting due to that since our network drives were not reachable anymore.

      Is there actually a way to spread the encryption process to a server?