Apogee IT Services

How to Protect Against Ransomware

Posted on November 28, 2022
  

 

1 - Cyber Awareness Training and Education: 

 

Ransomware is often spread through phishing emails, so training users to identify and avoid potential ransomware attacks is crucial. Many current cyber-attacks start with a targeted email that does not even contain malware, only a socially engineered message that encourages the user to click on a malicious link. For that reason, user education is often considered one of the most important defenses an organization can deploy.

 

2 - Continuous data backups: 

 

By definition, ransomware is malware designed so that paying a ransom is the only way to restore access to the encrypted data. Automated, protected data backups enable an organization to recover from an attack with a minimum of data loss and without paying a ransom. Maintaining regular backups as a routine process is a very important practice, both to prevent losing data and to be able to recover it in the event of corruption or disk hardware malfunction. Functional backups can also help organizations recover from ransomware attacks.

 

3 - Patching:

 

Patching is a critical component in defending against ransomware attacks, as cyber-criminals will often look for the latest uncovered exploits in the patches made available and then target systems that are not yet patched. It is therefore critical that organizations ensure all systems have the latest patches applied, as this reduces the number of potential vulnerabilities within the business for an attacker to exploit.

 

4 - User Authentication:

 

Accessing services like RDP with stolen user credentials is a favorite technique of ransomware attackers. The use of strong user authentication can make it harder for an attacker to make use of a guessed or stolen password.

 

How to Mitigate an Active Ransomware Infection 

 

Many successful ransomware attacks are only detected after data encryption is complete and a ransom note has been displayed on the infected computer’s screen. At this point, the encrypted files are likely unrecoverable, but some steps should be taken immediately: 

  • Quarantine the Machine: Some ransomware variants will try to spread to connected drives and other machines. Limit the spread of the malware by removing access to other potential targets.
  • Leave the Computer On: Encryption of files may make a computer unstable and powering off a computer can result in loss of volatile memory. Keep the computer on to maximize the probability of recovery.
  • Create a Backup: Decryption of files for some ransomware variants is possible without paying the ransom. Make a copy of encrypted files on removable media in case a solution becomes available in the future, or a failed decryption effort damages the files.
  • Check for Decryptors: Check with the No More Ransom Project to see if a free decryptor is available. If so, run it on a copy of the encrypted data to see if it can restore the files.
  • Ask For Help: Computers sometimes store backup copies of files stored on them. A digital forensics expert may be able to recover these copies if they have not been deleted by the malware.
  • Wipe and Restore: Restore the machine from a clean backup or operating system installation. This ensures that the malware is completely removed from the device.
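
The "Create a Backup" and "Check for Decryptors" steps above can be scripted so that the preserved copy is verifiable and a decryptor only ever touches a scratch copy. This is an added example, not part of the original post; the function names, directory layout and `manifest.json` file are assumptions made for illustration, and the evidence directory is assumed to sit on removable media outside the source tree.

```python
import hashlib
import json
import shutil
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large encrypted files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve(source: Path, evidence: Path) -> dict:
    """Copy every file under source into evidence/files and record its SHA-256."""
    manifest = {}
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source)
        dst = evidence / "files" / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy2 keeps timestamps, useful for forensics
        manifest[rel.as_posix()] = sha256_file(src)
        if sha256_file(dst) != manifest[rel.as_posix()]:
            raise IOError(f"copy of {rel} does not match the original")
        dst.chmod(0o444)  # read-only, to discourage accidental modification
    (evidence / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def changed_files(evidence: Path) -> list:
    """Return preserved files that are missing or no longer match the manifest."""
    manifest = json.loads((evidence / "manifest.json").read_text())
    bad = []
    for rel, expected in manifest.items():
        path = evidence / "files" / rel
        if not path.is_file() or sha256_file(path) != expected:
            bad.append(rel)
    return sorted(bad)


def working_copy(evidence: Path, scratch: Path) -> Path:
    """Make a writable scratch copy for a decryptor; the preserved set stays untouched."""
    shutil.copytree(evidence / "files", scratch)  # scratch must not exist yet
    for p in scratch.rglob("*"):
        if p.is_file():
            p.chmod(0o644)
    return scratch
```

Run `changed_files` after any decryption attempt: an empty list confirms the preserved set is still byte-identical to what was captured.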

Source:  

https://www.checkpoint.com/cyber-hub/threat-prevention/ransomware/#:~:text=Ransomware%20is%20a%20malware%20designed,regain%20access%20to%20their%20files.     
