What is Ransomware?

Ransomware is a type of malicious software (malware) that threatens to report the victim's data or obstructs the victim's access to it until the attacker receives a ransom payment. Ransomware is usually spread through phishing attacks containing a malicious e-mail attachment or a link to a compromised website.

With attacks on the rise, businesses and individuals should be aware of ransomware attack techniques and follow best practices for ransomware protection.

 

How To Defeat Ransomware?

Disconnect From Network

  • Immediately unplug the computer from the network
  • Turn off any wireless communication such as Wi-Fi, Bluetooth, and NFC

Do not restart or shut down the infected machine, as some ransomware has a chance of being decrypted if the machine is not rebooted.

Map Your Network For Possible Infections

  • Check network shares for the spread of ransomware
  • Check externally connected media such as USB drives, external drives, etc.
  • Check cloud-based storage such as Google Drive, Dropbox, etc.

Some ransomware steals data by creating archive files. Check for such large archive files.
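One way to carry out the archive check above on a mounted share or drive, as an added example that is not part of the original article: it flags large, recently modified archives by their header bytes rather than by file extension. The function names, size threshold and time window are assumptions chosen for illustration.

```python
import os
import tempfile
import time

ARCHIVE_MAGIC = {  # leading header bytes, so a renamed archive is still recognised
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"Rar!\x1a\x07": "rar",
    b"\x1f\x8b": "gzip",
}

def archive_type(path):
    """Return the archive format detected from the file header, or None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return None  # unreadable or locked file: skip rather than abort the sweep
    return next((n for m, n in ARCHIVE_MAGIC.items() if head.startswith(m)), None)

def find_large_archives(root, min_bytes, max_age_hours):
    """List (path, format, size) of recent archives >= min_bytes, largest first."""
    cutoff = time.time() - max_age_hours * 3600
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                st = os.stat(path)
            except OSError:
                continue  # file vanished or access denied
            if st.st_size < min_bytes or st.st_mtime < cutoff:
                continue
            if (kind := archive_type(path)):
                hits.append((path, kind, st.st_size))
    return sorted(hits, key=lambda h: h[2], reverse=True)

def demo():  # sweep a constructed directory tree (sample data, not real evidence)
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "report.docx.tmp": b"PK\x03\x04" + b"\0" * 5000,    # zip renamed to hide it
            "backup.7z": b"7z\xbc\xaf\x27\x1c" + b"\0" * 9000,  # largest hit
            "small.zip": b"PK\x03\x04" + b"\0" * 10,            # below the size threshold
            "notes.txt": b"plain text " * 1000,                 # large, but not an archive
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), k) for p, k, _ in find_large_archives(root, 4096, 24)]
```

Call `find_large_archives` with the path of a share or drive mounted read-only where possible, since opening files can update access times on the source.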

Identify Ransomware Family

  • The email address mentioned in the ransom note and the extension of the encrypted files help identify which ransomware family it belongs to.
  • Try to identify the source of infection

 

DO NOT

  • Do not try to decrypt the encrypted files on your own, as some ransomware is disguised as decryption tools. You may end up encrypting your data twice or even losing all your files.
  • Do not remove any files from the infected system
  • Do not try to contact the hackers directly

DO

  • Seek the help of a cybersecurity company. They can not only identify the source of infection but also help your organization with cybersecurity and with training your employees to prevent further attacks.
  • If you plan to pay the ransom, try convincing the attackers to lower the ransom price.

 

FUTURE PREVENTION

  • Implement security controls such as DLP, a firewall, and antivirus in your organization.
  • ALWAYS have an offsite backup ready.
  • After implementing the above controls, it is advisable to check their effectiveness against such attacks. Go for a cybersecurity audit or adversary emulation services.
  • Employees are the first line of defense. Train your employees on the latest attacks and how to identify them.