Are You Ready for Ransomware?
What Is Ransomware?
Ransomware is a type of malicious software that encrypts your files. Often, the only way to decrypt and gain access to the files is by paying a “ransom” or fee to the attackers. The attackers might provide the decryption key allowing you to regain access to your files. Ransomware may spread to any shared networks or drives to which your devices are connected. We are continuing to see ransomware attacks and expect their frequency to increase.
How Can I Get Infected with Ransomware?
Common vectors for ransomware attacks include e-mails with malicious attachments or links to malicious websites. It’s also possible to get an infection through instant messaging or texts with malicious links. Antivirus may or may not detect a malicious attachment, so it’s important for you to be vigilant.
How Can I Protect Myself Against Ransomware?
Before the attack
The best security strategy is to avoid ransomware altogether. This requires planning and work – before the crisis hits.
Back up and restore
- The most important part of any ransomware security strategy is regular data backups.
- Surprisingly few organizations run backup and restore drills.
- Both halves are important; restore drills are the only way to know ahead of time whether your backup plan is working.
Update and patch
- Keep operating systems, security software and patches up to date for all devices.
Train and educate, beware macros
- Employee training and awareness are critical. Your people should know what to do, what not to do, how to avoid ransomware, and how to report it.
- If employees receive a ransomware demand, they should know to immediately report it to the security team—and never, ever try to pay on their own.
Invest in robust email, mobile and social media security solutions
- Even the best user training won’t stop all ransomware.
- Advanced email security solutions protect against malicious attachments, documents and URLs in emails that lead to ransomware.
- Also invest in mobile attack protection products to stop malicious mobile applications from compromising your environment.
During the Attack: Getting Back to Business
- While the best ransomware strategy is to avoid it in the first place, this advice means nothing if you’re newly infected.
- You have short-term problems to resolve, like getting computers, phones and networks back online, and dealing with ransom demands.
Call the South African Police Services
- Notifying the proper authorities is a necessary first step.
Disconnect from the network
- The second employees see the ransomware demand or notice something is odd, they should disconnect from the network and take the infected machine to the IT department.
- Only the IT security team should attempt a reboot, and even that will only work in the event it is fake scareware or rudimentary mobile malware.
Determine scope of problem based on threat intelligence
Your response—including whether to pay the ransom—hinges on several factors:
- The type of attack
- Who in your network is compromised
- What network permissions compromised accounts have
Orchestrate a response
- A big part of your response is deciding whether to pay the ransom.
- The answer is complicated, and may require you to consult law enforcement and your legal counsel.
- Paying the ransom is not a good idea, as it does not guarantee the hackers will hold up their end of the bargain and decrypt the files that have been locked.
- In fact, paying the ransom could have the opposite effect, making the criminals demand more money from their victims.
Don’t count on free ransomware decryption tools
- Most free tools work for only a single strain of ransomware or even a single attack campaign. As attackers update their ransomware, the free tools fall out of date and likely won’t work for your ransomware.
Restore from Backup
- The only way to completely recover from a ransomware infection is restoring everything from backup.
After the Attack: Review and Reinforce
- Security experts recommend a top-to-bottom security assessment to find threats that may still linger in your environment.
- Take a hard look at your security tools and procedures—and where they fell short.
Cleanup
- Some ransomware contains other threats or backdoor Trojans that can lead to future attacks.
- Look closer for hidden threats that you may have overlooked in the chaos.
Post-mortem review
- Review your threat preparedness and response.
- Without figuring out how the ransomware attack got through, you have no way of stopping the next attack.
Assess user awareness
- A well-informed employee is your last line of defense. Ensure employees, staff or faculty are up to the task.
Education and training
- Develop a curriculum to address employee vulnerability to cyber attack.
- Create a crisis communications plan in the event of a future attack, and follow up with drills and penetration testing.
Reinforce your defenses
- Today’s fast-changing threat landscape requires security solutions that can analyze, identify and block—in real time—the malicious URLs and attachments that serve as ransomware’s primary attack vehicles.
- Seek out security solutions that can adapt to new and emerging threats and help you respond to them faster.