The Cybersecurity and Infrastructure Security Agency (CISA) has observed an increase in ransomware attacks across the world in recent days. In this posting, we explain how ransomware works, how to prevent it, and what to do if you fall victim to a ransomware attack.
What is Ransomware?
Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.
An employee at a major business firm, for instance, might innocently open an email attachment that then installs malware on their work computer. Certain antivirus tools and security programs are designed to detect and eliminate these problems, but they don’t always work. In a worst-case scenario, the malware can spread via the local network to other machines and hardware.
What are some of the best practices organizations can employ to prevent Ransomware?
As with most infections, prevention is the best cure. A combination of the right behaviors, malware removal tools, and modern security and antivirus software is your best bet to reduce the risk of a ransomware attack to a minimum.
- Outdated applications and operating systems are the target of most attacks. Update software and operating systems with the latest patches.
- Run regular security scans on all systems using a robust anti-ransomware solution such as ESET Endpoint Security.
- Create honeypots and faux servers to lure cyber attackers. These can be set up by your in-house IT team or provided as a service by CIT SYS.
- Back up data on a regular basis. Keep it on a separate device and store it offline, using external hard drives or the Acronis PC Backup and Recovery solution.
- Educate and train workers on ways to detect and prevent ransomware. The most important rule is, NEVER click on links or open attachments in unsolicited emails.
- Restrict users’ permissions to install and run software applications and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
- Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email to prevent email spoofing.
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
- Configure firewalls to block access to known malicious IP addresses.
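The two email items above (authenticating inbound mail and keeping executable files away from end users) can be sketched as a small gateway-side check. This is an added example, not code from CISA or any vendor named here; the extension list, the quarantine rule and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Illustrative block list; a real gateway policy would be longer.
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".msi"}

def auth_failures(msg):
    """SPF/DKIM/DMARC checks without a 'pass' in Authentication-Results.
    Only trust this header when your own mail gateway added it."""
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return [m for m in ("spf", "dkim", "dmarc") if f"{m}=pass" not in results]

def executable_attachments(msg):
    """Attachment names blocked by extension or by a Windows PE ('MZ') header,
    which catches an executable renamed to look like a document."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in BLOCKED_EXT or payload[:2] == b"MZ":
            hits.append(name)
    return hits

def verdict(raw_bytes):
    """Quarantine on any failed authentication check or blocked attachment."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    failed, blocked = auth_failures(msg), executable_attachments(msg)
    action = "quarantine" if failed or blocked else "deliver"
    return {"action": action, "auth_failed": failed, "blocked": blocked}

def sample_message():
    """Constructed test message: failed SPF/DMARC and a fake PE named .pdf."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.com", "user@example.org", "Invoice"
    m["Authentication-Results"] = "mx.example.org; spf=fail; dkim=none; dmarc=fail"
    m.set_content("See attached.")
    m.add_attachment(b"MZ constructed bytes, not a real program",
                     maintype="application", subtype="pdf", filename="invoice.pdf")
    m.add_attachment("harmless text", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    print(verdict(sample_message()))
```

Checking the first bytes of each attachment as well as its name matters because a filter that looks only at extensions lets a renamed executable through.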
What to do in case of a Ransomware attack?
- If you discover an infection, isolate the machine, device or application, and prevent access to the greater network or shared storage.
- Use antivirus or anti-malware software to clean the ransomware from the machine, but only do so if you are determined not to pay the ransom. (Otherwise, wait until you’ve recovered your files.)
- See if you can recover deleted files. Many forms of encrypting ransomware copy your files, encrypt the copies and then delete the originals. Fortunately, you can often recover deleted files easily with tools such as Acronis PC Backup and Recovery.
- Restore your files from a backup. If you regularly back up the affected machine, you should be able to restore the files from the backup.
- Give up on the files and reinstall the operating system. If you’d rather just cut bait, then you should do a full wipe and reinstallation of the operating system. Windows 10 lets you “factory reset” many devices.
- File a police report. This sounds pointless, but it’s a necessary legal step if you want to file an insurance claim or a lawsuit related to your infection. It will also help authorities keep track of infection rates and spreads.