Passwordstate Password Manager Breach: Free Questionnaire to Assess Supply Chain Risk

1) Has the organization been impacted by the recent Click Studios Passwordstate malware attack?

(Please select one.)

a) Yes, we have been impacted by the recent Click Studios Passwordstate malware attack.

b) No, we have not been impacted by the recent Click Studios Passwordstate malware attack.

c) The organization is unsure if it has been impacted by the recent Click Studios Passwordstate malware attack.

2) Has the organization contacted Click Studios with a directory listing of c:\inetpub\passwordstate\bin output to a file called PasswordstateBin.txt and has this file been sent to Click Studios Technical Support?

(Please select one.)

Help Text: Where an organization has been impacted by the Passwordstate malware attack, it is strongly recommended that it contacts the solution provider to receive advisory support and recommended actions to resolve the incident.

a) Yes, the organization has contacted Click Studios, and provided the directory listing of the Passwordstate output, and a copy of the PasswordstateBin.txt file to the Click Studios Technical Support team.

b) No, the organization has not contacted Click Studios, and provided the directory listing of the Passwordstate output, and a copy of the PasswordstateBin.txt file to the Click Studios Technical Support team.

3) Has the organization obtained a copy of the Incident Management Advisories created by Click Studios, and made available on their website?

(Please select one.)

Help Text: Click Studios has provided advisory papers, which describe key steps an organization should take following confirmation of having been affected by the Passwordstate malware attack.

a) Yes, the organization has obtained a copy of the Incident Management Advisories and has followed the recommended actions provided.

b) No, the organization has not obtained a copy of the Incident Management Advisories, or followed the recommended actions provided.

4) Based on the advisories provided by Click Studios, and contact with the Technical Support team, has the organization implemented the following recommended actions?

(Please select all that apply.)

a) The organization has downloaded the advised hotfix file.

b) The organization has used PowerShell to confirm the checksum of the hotfix file matches the details supplied.

c) The Passwordstate Service and Internet Information Server was stopped.

d) The hotfix was extracted to the specified folder.

e) The organization restarted the Passwordstate Service, and Internet Information Server.

5) Has the organization conducted password resets to the following critical systems?

(Please select all that apply.)

a) All credentials for externally facing systems (Firewalls, VPN & external websites).

b) All credentials for internal infrastructure, (Switches, Storage Systems & Local Accounts).

c) All remaining credentials stored in Passwordstate.

6) Does the organization have an incident investigation and response plan in place?

(Please select all that apply.)

Help Text: Procedures for monitoring, detecting, analyzing and reporting of information security events and incidents should be in place, and enable an organization to develop a clear response strategy to handling identified incidents and events.

a) The organization has a documented incident management policy.

b) The incident management policy includes rules for reporting information security events and weaknesses.

c) An incident response plan is developed as part of incident investigation and recovery.

d) Incident response planning includes escalation procedures to internal parties, and communication procedures to clients.

7) Who is designated as the point of contact who can answer additional queries?

Name:

Title:

Email:

Phone:

8) What is the level of impact to client systems and data following this attack?

(Please select one.)

Help Text: Consideration should be given to level of impact on the availability and confidentiality to client information or systems.

Significant impact: The Passwordstate attack has caused client systems to stop working or become unavailable. There has been a loss of confidentiality or integrity of data.

High impact: Service availability to client systems has been periodically lost, and there is the potential for some systems to periodically stop. Some loss of confidentiality or integrity of data.

Low impact: No loss of confidentiality or integrity of data, and minimal or no disruption to service availability.

a) There has been no impact to client systems or data following this attack.

b) There has been a low impact to client systems or data following this attack.

c) There is a high level of impact to client systems or data following this attack.

d) There has been significant impact to client systems or data following this attack.