In recent years, the purpose of ransomware attacks has evolved to target businesses by encrypting entire computer networks and files, stopping operations until payment has been received.
What is Ransomware?
Ransomware is a type of malicious software (malware) that threatens to report or obstructs the victim's access to their data until the attacker receives a ransom payment. Ransomware is usually spread through phishing attacks containing a malicious e-mail attachment or a link to a compromised website.
With attacks on the rise, businesses and individuals should be aware of ransomware attack techniques and follow best practices for ransomware protection.
How To Defeat Ransomware?
Disconnect From Network
Immediately unplug the computer from the network.
Turn off any wireless communication such as Wi-Fi, Bluetooth, NFC.
Do not restart or shut down the infected machine, as with some ransomware there is a chance of decryption if the machine has not been rebooted.
Map Your Network For Possible Infections
Check the network shares for spread of the ransomware.
Check externally connected media like USB drives, external drives, etc.
Check cloud-based storage files like Google Drive, Dropbox, etc.
Some ransomware steals data by creating archive files. Check for such large archive files.
Identify Ransomware Family
The email address mentioned in the ransom note and the extension of the encrypted files help in identifying the ransomware family it belongs to.
Try to identify the source of infection
DO NOT
Do not try to decrypt the ransomware files on your own, as some ransomware is disguised as a decryptor, and you will end up encrypting your data twice or even losing all files.
Remove any files from the infected system
Try to contact the hackers directly
DO
Seek the help of a cyber security company. They can not only identify the source of infection but can also help your organization with cybersecurity and with training your employees to prevent further attacks.
If you plan to pay the ransom, try convincing them to lower the ransom price.
FUTURE PREVENTION
Implement security controls like DLP, firewall and antivirus in your organization.
ALWAYS have an offsite backup ready.
After implementing the above controls, it is advisable to check their efficiency against such attacks. Go for a cybersecurity audit or adversary emulation services.
Employees are the first line of defence. Train your employees on the latest attacks and their identification.