The advice I’ve always heard is disconnect network but leave powered for forensics/recovery. Some ransomware store the decryption key soley in memory, so it is lost upon power loss
That actually makes sense. We had a ransomware attack once. We also disconnected the device but I cant remember if we powered it off. At the time it stopped encrypting due to that since our network drives were not reachable anymore.
Is there actually a way to spread the encryption process to a server?
The advice I’ve always heard is disconnect network but leave powered for forensics/recovery. Some ransomware store the decryption key soley in memory, so it is lost upon power loss
That actually makes sense. We had a ransomware attack once. We also disconnected the device but I cant remember if we powered it off. At the time it stopped encrypting due to that since our network drives were not reachable anymore.
Is there actually a way to spread the encryption process to a server?