Ransomware is a type of software that prevents users from accessing their files or their whole computer system until they pay a ransom.
Cyber attackers encrypt the files on your system and hold them hostage, so you can't read them. The ransomware may try to spread across your whole network to shared drives, servers and attached computers. The attackers usually ask for payment in an online currency such as Bitcoin, as these are harder to trace than cash or a regular bank transfer. If you don't pay within the given time frame, the attackers may threaten to delete the data from your device.
The ransom is often relatively small, as the attacker believes it may be easier for you to pay the price rather than get someone to fix it. However, paying the ransom more often than not doesn’t solve the problem. Attackers are likely to leave your files encrypted even if you have paid the required price, so it is better to ask for help rather than engage with these hackers.
Ransomware can affect anyone, from individuals to small and large businesses. The most common way into your system is an attachment in a spam email. It can also arrive through a download from the web, social media messages, fake advertisements or removable USB drives. After you open the file, it encrypts your data, appends new extensions to your files and prevents you from accessing them.
How to prepare for ransomware?
You might be wondering if there is a specific way to prevent a ransomware attack. There is: six key steps that will help to defeat these attacks.
1. Security Awareness
Ensure your staff are made well aware of the threats posed to company assets and data. Ensure you have policies in place and practices which teach staff how to deal with unsolicited emails, spam and other nefarious activity which they are likely to encounter in an online world. Ensure your email is secure and will defeat common attacks.
2. Email Security
Ensure that SPF, DKIM and DMARC are configured for your email domain and that you have processes in place for dealing with failures or with notifications (such as DMARC aggregate reports) about non-compliant email.
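The following is an added example, not code from the original post or from Canda: it shows what the three records look like for a hypothetical domain (example.com, with constructed and deliberately truncated record values) and implements the receiver-side DMARC decision, so you can see why publishing the records is only half the job. A message passes DMARC only when SPF or DKIM passed for a domain that is aligned with the visible From domain; otherwise the published policy (p, or sp for subdomains) decides what happens to it. The organizational-domain rule is simplified to "last two labels" (real receivers use the Public Suffix List).

```python
"""DMARC evaluation over constructed DNS records (example, not the post's own code)."""

# Constructed DNS TXT records for the hypothetical domain example.com.
# The DKIM public key is a placeholder, not a real key.
DNS_TXT = {
    "example.com": "v=spf1 mx ip4:203.0.113.0/24 -all",
    "_dmarc.example.com": ("v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
                           "rua=mailto:dmarc-reports@example.com"),
    "selector1._domainkey.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY",
}


def parse_tags(record: str) -> dict:
    """Parse a 'tag=value; tag=value' record (DMARC/DKIM syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def organizational_domain(domain: str) -> str:
    """Simplified organizational domain: the last two labels.
    Assumption for this example; production code consults the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """DMARC identifier alignment: strict ('s') needs an exact match,
    relaxed ('r') accepts any domain sharing the organizational domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return a == f
    return organizational_domain(a) == organizational_domain(f)


def lookup_dmarc_policy(from_domain: str):
    """Return (tags, policy): the From domain's own record if published, else the
    organizational domain's record, whose 'sp' tag (if any) governs subdomains."""
    own = DNS_TXT.get(f"_dmarc.{from_domain}")
    if own:
        tags = parse_tags(own)
        return tags, tags.get("p", "none")
    org_record = DNS_TXT.get(f"_dmarc.{organizational_domain(from_domain)}")
    if not org_record:
        return None, "none"
    tags = parse_tags(org_record)
    return tags, tags.get("sp", tags.get("p", "none"))


def evaluate_dmarc(from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return (dmarc_pass, disposition) for one message.

    spf_result/dkim_result are the receiver's verdicts ('pass', 'fail', 'none');
    spf_domain is the MAIL FROM domain, dkim_domain the d= tag of the signature.
    Disposition is 'none' (deliver) on pass or when no policy is published,
    otherwise the published policy (none / quarantine / reject)."""
    tags, policy = lookup_dmarc_policy(from_domain)
    if tags is None or tags.get("v", "").upper() != "DMARC1":
        return False, "none"  # nothing published: receivers cannot enforce anything
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "s"))
    if spf_ok or dkim_ok:
        return True, "none"
    return False, policy


if __name__ == "__main__":
    # Legitimate bulk mail: SPF passes for a bounce subdomain, relaxed alignment accepts it.
    print(evaluate_dmarc("example.com", "pass", "bounces.example.com", "none", ""))
    # Spoofed From: SPF passed only for the sender's own unrelated domain.
    print(evaluate_dmarc("example.com", "pass", "unrelated.example", "none", ""))
```

Note that adkim=s in the constructed record means a DKIM signature from a subdomain does not count, which is exactly the kind of "failure notification" a mailbox provider's aggregate report would surface; the processes step 2 asks for exist to act on those reports.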
3. Filtered Browsing / Systems Currency
Employ appropriate web filtering for your company's access to the web. Ensure that whitelisting/blacklisting is in place, that content is scanned for malware and that all laptops, systems and browsers are kept up to date with the latest patches.
4. Logging & Monitoring
Ensure that you log security and administrative events and that logs are held securely, away from the operational systems that produce them. Ensure that appropriate event correlation and alerting is in place to notify you of any nefarious activity concerning systems or the use of administrative accounts.
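As an added example (not code from the original post or from Canda) of the "event correlation and alerting" this step asks for, the detector below runs over constructed file-audit log lines in a made-up key=value format and raises one alert per host/user when a burst of renames appends an extension that is never seen in normal use, which is the behaviour the post describes ransomware adding to your files. The threshold, window and the list of known extensions are assumptions to tune for your own environment.

```python
"""Rename-burst detector over constructed file-audit log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, not real data: one ordinary rename, one write, one
# harmless single rename, then a burst of renames on a file share, then junk.
SAMPLE_LOG = """\
2024-03-01T09:15:02Z host=ws01 user=alice action=rename src=/home/alice/docs/draft.docx dst=/home/alice/docs/final.docx
2024-03-01T09:15:10Z host=ws01 user=alice action=write path=/home/alice/docs/final.docx
2024-03-01T10:40:00Z host=ws03 user=carol action=rename src=/srv/share/hr/policy.pdf dst=/srv/share/hr/policy.pdf.bak
2024-03-01T11:02:00Z host=ws07 user=bob action=rename src=/srv/share/finance/q1.xlsx dst=/srv/share/finance/q1.xlsx.locked
2024-03-01T11:02:01Z host=ws07 user=bob action=rename src=/srv/share/finance/q2.xlsx dst=/srv/share/finance/q2.xlsx.locked
2024-03-01T11:02:03Z host=ws07 user=bob action=rename src=/srv/share/finance/budget.docx dst=/srv/share/finance/budget.docx.locked
2024-03-01T11:02:04Z host=ws07 user=bob action=rename src=/srv/share/finance/invoices.pdf dst=/srv/share/finance/invoices.pdf.locked
2024-03-01T11:02:06Z host=ws07 user=bob action=rename src=/srv/share/finance/payroll.csv dst=/srv/share/finance/payroll.csv.locked
2024-03-01T11:02:07Z host=ws07 user=bob action=rename src=/srv/share/finance/notes.txt dst=/srv/share/finance/notes.txt.locked
this line is malformed and must be skipped by the parser
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) action=(?P<action>\S+)(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

# Assumed baseline of extensions that are normal for this environment.
KNOWN_EXTENSIONS = {"docx", "xlsx", "pptx", "pdf", "txt", "csv", "jpg", "png"}


def parse_line(line: str):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event.update(dict(KV_RE.findall(event.pop("rest"))))
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def extension(path: str) -> str:
    """Lower-cased final extension of a path, or '' if it has none."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def suspicious_rename(event: dict) -> bool:
    """A rename whose destination gains an extension outside the known baseline."""
    if event.get("action") != "rename":
        return False
    new_ext = extension(event.get("dst", ""))
    return bool(new_ext) and new_ext not in KNOWN_EXTENSIONS and new_ext != extension(event.get("src", ""))


def detect_encryption_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window correlation per (host, user): alert once when `threshold`
    suspicious renames fall within `window`. Returns a list of alert dicts."""
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for line in lines:
        event = parse_line(line)
        if not event or not suspicious_rename(event):
            continue
        actor = (event["host"], event["user"])
        queue = recent[actor]
        queue.append((event["ts"], extension(event["dst"])))
        while queue and event["ts"] - queue[0][0] > window:  # drop events outside the window
            queue.popleft()
        if len(queue) >= threshold and actor not in alerted:
            alerted.add(actor)
            alerts.append({
                "host": event["host"], "user": event["user"], "count": len(queue),
                "first": queue[0][0].isoformat(), "last": event["ts"].isoformat(),
                "extensions": sorted({ext for _, ext in queue}),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_encryption_bursts(SAMPLE_LOG.splitlines()):
        print(alert)
```

Carol's single .bak rename is suspicious on its own but never reaches the threshold, which is the point of correlating events rather than alerting on each one; the logs being read here should live on a separate, write-protected log store, as the step says, so that an intruder with admin rights on ws07 cannot erase them.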
5. Privileged Access
Ensure you have policies and procedures in operation which mandate security for the operational use of privileged admin accounts, covering multifactor authentication (MFA), conditional use, separation of duties and access control. Ensure that the administrative accounts which manage backups are separate from other admin accounts and functions.
6. Backups, Backups, Backups
Ensure you have policies and procedures in operation for the regular (daily) backup of key data. Ensure that backups are secure and held separately from other data stores. Plan for the regular testing of restore functions for the data and systems you have backed up. Ensure that appropriate logging is in place for the backup accounts and functions.
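An added example (not code from the original post or from Canda) of the "regular testing of restore functions" this step calls for: a backup run records a SHA-256 manifest of every file, and a restore test compares the restored tree against that manifest and checks the backup's age. The manifest format, the freshness window and the demo directory layout are assumptions for this example; the demo builds a small tree in a temporary directory, restores a copy, then damages it to show what a failed test reports.

```python
"""Backup manifest and restore-test check (added example, not the post's own code)."""
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timedelta, timezone


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: str, taken_at=None) -> dict:
    """Walk `root` and record a hash per file (POSIX-style relative paths).
    Store the manifest with the backup AND in a separate location, so a
    tampered backup cannot also carry a tampered manifest."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            files[rel] = sha256_file(full)
    stamp = taken_at or datetime.now(timezone.utc)
    return {"taken_at": stamp.isoformat(), "files": files}


def verify_restore(restore_root: str, manifest: dict, max_age=timedelta(days=1)) -> dict:
    """Compare a restored tree with its manifest.
    Returns ok / missing / corrupted path lists, a `stale` flag when the backup is
    older than `max_age` (the daily cadence assumed here), and an overall `passed`."""
    taken = datetime.fromisoformat(manifest["taken_at"])
    report = {"ok": [], "missing": [], "corrupted": [],
              "stale": datetime.now(timezone.utc) - taken > max_age}
    for rel, expected in sorted(manifest["files"].items()):
        full = os.path.join(restore_root, *rel.split("/"))
        if not os.path.isfile(full):
            report["missing"].append(rel)
        elif sha256_file(full) != expected:
            report["corrupted"].append(rel)
        else:
            report["ok"].append(rel)
    report["passed"] = not (report["missing"] or report["corrupted"] or report["stale"])
    return report


def demo() -> dict:
    """Constructed end-to-end run: back up a tiny tree, restore it, damage the
    restored copy (one file deleted, one altered) and return the test report."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "data")
        sample = {"a.txt": b"alpha", "sub/b.txt": b"bravo", "c.txt": b"charlie"}  # constructed
        for rel, body in sample.items():
            path = os.path.join(src, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        manifest = build_manifest(src)
        restored = os.path.join(tmp, "restored")
        shutil.copytree(src, restored)
        os.remove(os.path.join(restored, "c.txt"))              # simulate a lost file
        with open(os.path.join(restored, "a.txt"), "wb") as fh:  # simulate a corrupted file
            fh.write(b"tampered")
        return verify_restore(restored, manifest)


if __name__ == "__main__":
    print(demo())
```

A restore test that only checks "the job finished" would have reported success here; comparing hashes is what catches the altered file, and the age check is what catches a backup job that silently stopped running weeks ago.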
How to recover from ransomware?
DO NOT PAY A RANSOM…
This is usually a futile response, leading only to more demands.
- Find the cause of the breach and ensure that it is remediated!
- Run scans to ensure the removal of all malware has been completed
- Restore your systems from your most recent backup.
If you have been affected by ransomware or want to put some safety measures in place to prepare for it, get in touch with the team at Canda. We are cybersecurity experts and can help put preventative measures in motion to ensure your data is always accessible. So, contact us today if you have any questions or want to learn more about ransomware!