Ransomware is a type of malware that has become a significant threat to businesses and individuals. Most current ransomware encrypts files on the infected system or network (crypto ransomware). A few variants erase files or block access to the system by other means (locker ransomware). The demand to unlock the files can range from $200 – $3,000, and payment is usually demanded in bitcoin or gift cards. Ransomware can infect a wide range of devices, from computers to smartphones.
How Do You Get Ransomware?
Ransomware is often spread through phishing emails that contain malicious attachments, or through drive-by downloads from websites. Often the user does not realize that anything has happened until the files are already encrypted.
Victims of Ransomware
Don’t pay it!
Paying the ransom does not guarantee that an organization will regain access to its data. Some individuals and organizations were never given decryption keys after paying. Other victims who paid have reportedly been targeted again.
Responding to a Compromise/Attack
- Immediately disconnect the infected system from the network to stop the infection from spreading.
- Determine which data was affected, since it may require additional reporting and/or mitigation measures.
- Determine whether a decryptor is available for the ransomware variant.
- Restore files from regularly maintained backups.
- Report the infection. Organizations and home users may report infections to local Federal Bureau of Investigation (FBI) field offices or to the Internet Crime Complaint Center (IC3).
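The "determine which data was affected" step needs an inventory, not a guess. The script below is an added example written for this page (it is not TickTockTech's or CyberGood's code) that walks a directory tree and lists files whose contents look like ciphertext. Crypto ransomware overwrites file contents with near-random bytes, so byte entropy close to 8 bits/byte is the signal; because legitimately compressed formats (zip-based Office files, PDF streams, JPEG) are also high-entropy, the script only flags such a file when the magic bytes its extension implies are gone. The entropy threshold, the signature table and the sample files are assumptions constructed for the example.

```python
"""Triage helper (added example, not from the original post): inventory the
files in a tree that look like they were rewritten by crypto ransomware.

Heuristic: ciphertext has byte entropy close to 8 bits/byte. Compressed
formats are also high-entropy, so entropy alone gives false positives;
checking that a file still begins with the magic bytes its extension implies
separates "compressed but intact" from "overwritten with ciphertext".
"""
import math
import os
import random
import tempfile
from collections import Counter
from pathlib import Path
from typing import Optional

ENTROPY_THRESHOLD = 7.9   # assumption: near-uniform byte distribution
SAMPLE_BYTES = 65536      # only the head of each file is examined

# Leading bytes these formats normally start with (table is an assumption
# for the example; extend it with the formats your organization stores).
MAGIC = {
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".zip": b"PK\x03\x04",
    ".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in Counter(data).values())


def classify(path: Path) -> Optional[str]:
    """Return a reason string if the file looks encrypted, else None."""
    with path.open("rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    expected = MAGIC.get(path.suffix.lower())
    if expected is not None:
        if head.startswith(expected):
            return None   # header intact: compressed content, not encrypted
        if shannon_entropy(head) >= ENTROPY_THRESHOLD:
            return "expected header missing and content is near-random"
        return None
    if shannon_entropy(head) >= ENTROPY_THRESHOLD:
        return "content is near-random"
    return None


def inventory_affected_files(root: Path) -> list:
    """Walk root and list files that look encrypted, sorted by relative path."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            try:
                reason = classify(p)
            except OSError:
                continue   # unreadable file: skip it rather than abort the sweep
            if reason:
                findings.append({"path": str(p.relative_to(root)),
                                 "size": p.stat().st_size, "reason": reason})
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree(root: Path) -> None:
    """Constructed sample data: intact documents plus one overwritten file."""
    rng = random.Random(1234)   # deterministic stand-in for ciphertext
    (root / "notes.txt").write_bytes(b"quarterly notes\n" * 200)
    (root / "report.pdf").write_bytes(b"%PDF-1.4\n" + b"stream text " * 500)
    # valid JPEG header followed by random bytes: high entropy but intact
    (root / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + rng.randbytes(SAMPLE_BYTES))
    # spreadsheet whose zip header is gone: this is the "encrypted" file
    (root / "budget.xlsx").write_bytes(rng.randbytes(SAMPLE_BYTES))


def demo() -> list:
    """Build the sample tree in a temp dir and return the flagged paths."""
    root = Path(tempfile.mkdtemp())
    build_sample_tree(root)
    return [f["path"] for f in inventory_affected_files(root)]


if __name__ == "__main__":
    root = Path(tempfile.mkdtemp())
    build_sample_tree(root)
    for f in inventory_affected_files(root):
        print(f"{f['path']}: {f['size']} bytes, {f['reason']}")
```

Run it against a copy of the affected share, not the live system, and treat the output as a starting list for the reporting and restore steps: the heuristic cannot see files the malware deleted, and any format not in the signature table is judged on entropy alone.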
How to Mitigate Infections
Securing Networks and Systems
- Backups are critical. Routinely test backups for data integrity and to confirm that files can actually be restored from them.
- Use antivirus and anti-spam solutions. Run regular system and network scans with antivirus software configured to update its signatures automatically. Implement an anti-spam solution to stop phishing emails from reaching the network. Consider adding a warning banner to all emails from external sources that reminds users of the dangers of clicking on links and opening attachments.
- Disable macro scripts.
- Keep everything patched and up to date: hardware, including mobile devices; operating systems, software and applications; and cloud locations and content management systems (CMS). Use a centralized patch management system where possible.
- Restrict Internet access. Use a proxy server for Internet access and consider ad-blocking software.
- Apply the principles of least privilege and network segmentation. Categorize and separate data based on its value to the organization and, where possible, use virtual environments and physical and logical separation of networks and data.
- Vet and monitor third parties that have remote access to the organization’s network, and your connections to those third parties, to ensure they follow cybersecurity best practices.
- TickTockTech has partnered with CyberGood Security to offer HackSweep, a live cybersecurity monitoring service for ransomware detection and mitigation.
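"Routinely test backups for data integrity" means more than checking that the backup job finished. The script below is an added example written for this page (not code from TickTockTech, CyberGood or any backup product): it records a SHA-256 manifest when a backup is taken and later compares the backup copy against it, so a file that was silently corrupted, deleted or overwritten with ciphertext is reported before the backup is the only copy left. The manifest file name, its location beside the backup, and the sample files are assumptions constructed for the example.

```python
"""Backup verification (added example, not from the original post).

Record a manifest of content hashes when the backup is taken, then verify
the backup against it on a schedule. Any file whose hash changed, any file
that disappeared and any file that appeared without being recorded is
reported; the backup passes only when all three lists are empty.
"""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "manifest.sha256.json"   # assumption: stored beside the backup


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large files stay cheap."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            if rel == MANIFEST_NAME:
                continue   # the manifest never lists itself
            manifest[rel] = sha256_file(p)
    return manifest


def write_manifest(backup_root: Path) -> None:
    """Take the manifest at backup time and store it beside the backup."""
    manifest = build_manifest(backup_root)
    (backup_root / MANIFEST_NAME).write_text(json.dumps(manifest, indent=1, sort_keys=True))


def verify_backup(backup_root: Path) -> dict:
    """Compare the backup's current contents with the recorded manifest."""
    recorded = json.loads((backup_root / MANIFEST_NAME).read_text())
    current = build_manifest(backup_root)
    modified = sorted(p for p in recorded if p in current and current[p] != recorded[p])
    missing = sorted(p for p in recorded if p not in current)
    unexpected = sorted(p for p in current if p not in recorded)
    return {
        "ok": not (modified or missing or unexpected),
        "modified": modified,
        "missing": missing,
        "unexpected": unexpected,
    }


def demo() -> dict:
    """Constructed scenario: take a backup, verify it, damage it, re-verify."""
    work = Path(tempfile.mkdtemp())
    src, bak = work / "data", work / "backup"
    (src / "hr").mkdir(parents=True)
    (src / "hr" / "payroll.csv").write_text("name,amount\nalice,100\n")
    (src / "readme.txt").write_text("keep this\n")
    shutil.copytree(src, bak)
    write_manifest(bak)
    before = verify_backup(bak)
    # simulate damage to the backup: one file overwritten, one deleted, one stray
    (bak / "hr" / "payroll.csv").write_bytes(b"\x00garbage")
    (bak / "readme.txt").unlink()
    (bak / "extra.bin").write_bytes(b"\x01\x02")
    after = verify_backup(bak)
    return {"before": before, "after": after}


if __name__ == "__main__":
    result = demo()
    print("fresh backup ok:", result["before"]["ok"])
    print("damaged backup:", json.dumps(result["after"], indent=1))
```

A manifest kept next to the backup is only as safe as the backup itself; store a copy of it (or at least the hash of the manifest) somewhere the backup host cannot write, and pair this check with a periodic test restore, since a verified backup on media nobody can read is still not operational.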
Call a tech repair company like TickTockTech and get an onsite, no-obligation (free) assessment. You can talk with real people and get professional advice.