Cyber Attack: What is Ransomware and how to prevent it?

Ransomware is one of the biggest threats facing corporations: it can cause catastrophic damage to their reputation and trust, and cost millions. Ransomware is a form of malware that infects a system, encrypts or steals data, and demands a ransom to retrieve the sensitive information.

How does it work?

Ransomware uses many of the same vectors as other malware to infect a system. Some of these methods include phishing, harvesting credentials to access a system, or malicious advertising that may install a scareware-type program on a system. Once a system is infected, the malware attacks data storage and encrypts the data so that it is accessible only with a decryption key. Generally, the attacker will offer the key for a ransom and, many times, will not release the key even after the ransom is paid. The transactions are generally made through cryptocurrency, which can help conceal the identity of the attacker.

What are some ways to protect yourself?

Backup Data – Regular backups can’t be stressed enough. They can limit downtime and allow an administrator to simply reload a system from a known good backup. Incremental and full backups should be stored in different locations to ensure that they are ready when needed.

Patch Systems – Applying security patches as soon as possible can help reduce vulnerabilities on a network and close avenues for attacks.

Education – Keep your network users vigilant about attack methods and aware of the tactics used to trick users into doing something malicious.

Secure the network – New technologies like Next Generation Firewalls and Intrusion Prevention Systems can protect your network boundary and generate alerts when attacks are occurring.

Segment a network – It is best to implement a defense in depth approach that segments a network and keeps valuable resources in the most restricted parts. Limiting permissions for users and assigning proper authorization will make sure that only those that need access have access.

Monitor Network – With Security Information and Event Management (SIEM) and Security Operations Centers, networks can be constantly monitored for malicious activity. Having constant eyes on logs or events can help with the detection of a malware incident.

Filter Emails – Hackers try to get access to the network by crafting emails with malicious attachments and links. Using a proxy device that can inspect an email will allow security administrators to screen emails going to your users.

Protect endpoints – A trusted antivirus agent on an endpoint can detect malware before it spreads and quarantine a system. Strong authentication methods like multi-factor authentication can keep intruders out as well.

Threat Intelligence – Threat intelligence can be a valuable tool for a security engineer, as it provides you with the most current threat information so you can ensure you know what to look for.

Never pay a ransom – Paying the ransom should never be an option. Chances are good that you will not get your data back, and you’ll be left with nothing.
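
As an added illustration of the "Monitor Network" point (this is not code from the original article): a small detection rule that flags any single process changing many distinct files within a short window, which is the pattern bulk encryption of data storage produces in file-event logs. The log format, field order, window, threshold and all sample events are assumptions constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)   # assumed tuning value; set from your own baseline
THRESHOLD = 20                   # distinct files changed by one process inside WINDOW
WATCHED_OPS = {"WRITE", "RENAME"}

def parse(line):
    """Split one event line: ISO time, host, process, pid, operation, path."""
    ts, host, proc, pid, op, path = line.split(" ", 5)
    return datetime.fromisoformat(ts), host, proc, int(pid), op, path

def detect_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per (host, process, pid) that changes at least
    `threshold` distinct files inside a sliding time window."""
    recent = defaultdict(deque)          # key -> deque of (timestamp, path)
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, host, proc, pid, op, path = parse(line)
        if op not in WATCHED_OPS:
            continue
        key = (host, proc, pid)
        q = recent[key]
        q.append((ts, path))
        while q and ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= threshold and key not in alerts:
            alerts[key] = {"first_seen": q[0][0], "alert_time": ts, "files": distinct}
    return alerts

def sample_events():
    """Constructed events: ordinary document saves plus one fast rename burst."""
    base = datetime(2024, 5, 1, 9, 0, 0)
    normal = [f"{(base + timedelta(minutes=i)).isoformat()} ws-12 winword.exe 4120 "
              f"WRITE C:\\Users\\ann\\doc{i}.docx" for i in range(5)]
    burst = [f"{(base + timedelta(minutes=30, milliseconds=200 * i)).isoformat()} ws-12 "
             f"unknown.exe 7788 RENAME C:\\Share\\file{i}.xlsx" for i in range(40)]
    return normal + burst                # already in chronological order

if __name__ == "__main__":
    for key, info in detect_bursts(sample_events()).items():
        print(key, info)
```

In a SIEM the same logic is usually expressed as a correlation rule over endpoint or file-server audit events; the threshold needs tuning against legitimate bulk operations such as backups and sync clients.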
