You’ve been infected with ransomware… now what? And what are some effective tips to prevent ransomware infection?
Ransomware may well go down in human history as one of the most sinister of cyber-attacks, encrypting files and documents first, then extorting money to decrypt them. In a recent case, 110 nursing homes across the U.S. were affected when an IT company servicing them was hit by the ransomware strain, Ryuk. The care centers were unable to access medical records, one spokesman talking of possible deaths of patients because of the malware infection. The ransom demand of $14 million worth of bitcoin was unaffordable for the IT firm.
Ransomware is a type of malware that continues to cause havoc across the world. A report from McAfee found that ransomware attacks had increased by 118% to Q1 2019.
Hospitals, schools, IT firms, financial institutions, all types of organizations are targets for ransomware in 2019. In fact, over 500 schools in the U.S. were victims of ransomware.
In addition, the costs of ransomware continue to spiral, tripling in 2019; the average cost being $36,295 USD.
Being prepared for a ransomware attack is a positive action that all companies should build into their strategic security plan.
Related Post: Protect Your Data from Ransomware Attacks
.
To understand what actions can help protect your company from ransomware, you will first need to know how ransomware infects a company network.
Cybercriminals use a number of tried and tested methods to initiate infection; some of the most well-known include:
.
Phishing is still a highly successful method used to infect a computer network with ransomware. In fact, human intervention is needed for almost all cyber-attacks and social engineering is a key way to manipulate end users.
Related Post: Tips For Protecting Yourself From Phishing Attacks
.
Websites or online ads containing malware, are the entry point to ransomware infection on an end user’s machine; vulnerabilities in browsers or other software facilitating the infection. Often, users are not even aware an infection has happened, web-based exploit kits searching for software flaws, then using them to install ransomware.
.
RDP is a tool regularly used by IT departments to manage endpoints. In addition, it is used by cybercriminals to help propagate ransomware across a network, often over several months and by stealth.
.
Flaws in the operating system and other software, such as browsers, offers cybercriminals a way into a network to initiate an infection.
.
Ransomware-infected USB fobs have been sent in the post to unsuspecting recipients. The fobs either automatically run the ransomware if inserted or use social engineering tricks, via tempting messages, used to encourage the recipient to begin an install.
.
Knowing how ransomware ends up on our networks can help us to prevent it from happening in the first place:
.
Security awareness training provides your company with the tools to ensure employees understand the impact of phishing, drive-by-downloads, and general security hygiene. In short, training all employees about the risks of phishing and how to work securely can help to stop ransomware before it begins.
.
EDR tools are agents that can look for the tell-tale signs of a cyber-attack, including ransomware. These tools usually send out alerts to administrators and end users if an attack pattern is spotted.
.
Many ransomware infections need to exploit flaws in software such as a browser to activate the infection. Therefore, make sure you regularly patch your endpoints as this is a vital action in the fight against ransomware and other malware.
.
Some forms of ransomware are hidden in documents, often delivered via phishing emails. If possible, prevent macros from automatically running when a document is opened.
.
The use of the correct back-up system can be a godsend if you do become infected by ransomware. However, it must be air-gapped and ideally stored off-site.
.
Prevention is better than cure. However, the cybercriminals behind ransomware are not to be underestimated. Even with the best measures in place, you may still end up as a ransomware victim. That being said, what kind of remediation plan is needed in these circumstances?
Ransomware investigation services, such as those delivered by our service partner Cytelligence, can be used to recover data and remove ransomware. Therefore, Ransomware investigation is a process, involving several key steps.
.
Isolation of any infected endpoint helps prevent any further spread of the infection.
.
Locating the entry point and strain of ransomware gives the investigator the information needed to perform secure removal of the ransomware.
.
Removal of the ransomware is vital to ensure no further infection can occur. This can be complex as some ransomware hides in stealth mode, being reactivated at a later date.
.
Once the ransomware is cleanly removed, the recovery of encrypted files can take place.
.
The FBI published a recent notice advising U.S. companies about the increasing threat of high-impact ransomware. The FBI is also advising that companies should not pay the ransom. With increasingly costly ransom demands, payment may not be an option for a company.
Instead, preventing infection using vigilance and good security measures is a more effective way to manage the threat. However, if you do find yourself infected by this most sinister of malware, a ransomware investigation service is a good option to minimize the impact.
If you need further guidance on how to fight ransomware, download our handy-dandy infographic by clicking down below.
