[Anyone should learn from their experience and be ready for anything ahead of any compromise]
Microsoft is moving faster than most antivirus vendors. They are publishing information about tracking a potential exploit in your system. Microsoft's publication is perhaps oriented toward the Ukraine region, but it won't hurt to look at it and check their recommendations. Who knows whether those files are already in place, waiting to be activated at some point.
Most IT people should have gone through an essential checklist:
Block any port that does not need to be open.
Activate 2FA in all your accounts.
Lock or delete unnecessary old unused accounts.
Patch all your systems.
Block access to physical servers.
Review your Disaster Recovery plan and try it out, test it!
If you see a computer system acting up, wipe it if possible and reinstall it from scratch using trusted sources of code.
Watch for infected USB or external hard drives.
Do not reinstall computers in a network where other computers are active; those computers could infect your new installation right in the stage when it is not yet fully patched.
Get brand-new hard drives and USB memory sticks. Create full images of the servers and follow the rule of three: one backup locally on your premises, one off your premises, and a third using an online backup service.
Test your backups!
It is time to get back to the origins of the internet; if your organization has buildings across the city, states, or the country, create image replicas of your servers in those facilities that are away from you.
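One way to check the three backup copies from the checklist above, as an added example that is not part of the original post. It assumes a SHA-256 hash was recorded when the server image was created and that the online copy has been synced or downloaded to a local path; the location names, file name and sample data are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

REQUIRED = ("local", "offsite", "online")  # the three copies the checklist calls for

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large server images do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_copies(expected_hash, copies):
    """Return {location: 'ok' | 'missing' | 'corrupt'} for each required copy."""
    results = {}
    for location in REQUIRED:
        path = copies.get(location)
        if path is None or not Path(path).is_file():
            results[location] = "missing"
        elif sha256_file(path) != expected_hash:
            results[location] = "corrupt"
        else:
            results[location] = "ok"
    return results

def rule_of_three_ok(results):
    """True only when all three required copies exist and match the recorded hash."""
    return all(results.get(loc) == "ok" for loc in REQUIRED)

def demo():
    """Constructed sample: three copies of a fake image, one silently corrupted."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        image = b"constructed server image contents\n" * 1000
        expected = hashlib.sha256(image).hexdigest()  # recorded when the image was taken
        copies = {}
        for loc in REQUIRED:
            p = root / loc / "server01.img"  # hypothetical file name
            p.parent.mkdir()
            p.write_bytes(image)
            copies[loc] = p
        # Simulate bit rot or tampering on the offsite copy
        copies["offsite"].write_bytes(image[:-1] + b"X")
        results = verify_copies(expected, copies)
        return results, rule_of_three_ok(results)

if __name__ == "__main__":
    results, ok = demo()
    print(results, "rule of three satisfied:", ok)
```

A matching hash only shows that a copy is intact; a trial restore, as the Disaster Recovery item in the checklist asks for, is still needed to show that it is usable.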
Now let’s take a look at Microsoft recommendations; please click on the image to access the original document:
Thank you for visiting cybersecurity blog.