Incident at another Helmholtz center:
- well-prepared email has been opened
- PDF attachment has been opened
- clicked on link inside
- downloaded zip file
- unpacked zip file
- executed script
- domain controller cracked
- files have been encrypted
- one week delay between infection and attack
- known from other attacks: sensitive files (blackmail potential) downloaded
- ransomware attacks may cause downtimes for 4-6 weeks
Our goal: protect against these attacks by measures that do not interfere too much with our routine.
Countermeasures:
Multi-factor authentication will be installed at DESY, for access from outside
A lot of tests have been made, in simulation mode. One issue today. Continue to test.