Ransomware targets the home user, business, and government networks and may result in temporary or permanent loss of sensitive or proprietary information, interruptions in normal operations, economic loss of recovery of systems and documentation, and potential damage to the reputation of the organization.
Educate your staff
Attackers often enter the organization by tricking users into compromising their passwords or clicking on virus-based attachments. Remind employees not to click on unsolicited links, or to open unsolicited attachments in e-mail. To increase employee awareness, internal security teams can use simulated phishing emails to test the training of organizational staff. It is also good to use specialized software to monitor employees’ computer activities and prevent employees from erroneous behavior.
Proactive defense is the best defense Prevention is the most effective defense against ransomware and precautionary measures are crucial. Infections can be
Disrupting individuals or organizations, recovery may be a difficult process and requires the services of a reputable data recovery specialist. U.S. Government
Users and administrators are advised to take the following precautions to protect their computer network from ransomware infection:
- Back up data regularly. Verify the integrity of these backups and test the recovery process to make sure it is working.
- Conduct annual penetration testing and vulnerability assessment.
- Protect your backups. Make sure that the backup will not be permanently connected to the computer and network being backed up. For example, protecting backups in the cloud or backing up offline physical storage. When the system is backed up in real time, some instances of ransomware can lock up cloud-based backups, also known as persistent synchronization
- Backing up is crucial for ransomware recovery and response; backups can be the best way to recover critical data if it becomes infected.
What to do if infected with ransomware?
If precautionary measures fail, the USG recommends that organizations consider the following steps to address ransomware infections:
- Isolate the infected computer immediately. Infected systems should be removed from the network as soon as possible to prevent ransomware from attacking the network or shared drives.
- Isolate or shut off affected equipment that has not been completely damaged. This may take more time to clean up and recover the data, include damage, and prevent deterioration.
- Protect your backup data or system offline immediately. Make sure the backup is free of malware.
- Contact law enforcement immediately. We strongly recommend that you contact the FBI or the U.S. Agent’s local field office immediately after your discovery to report ransomware incidents and request assistance.
- If available, collect and protect portions of potentially processed data.
- If possible, change all online account and network passwords after removing the system from the network. Also, change any system password once malware is removed from the system.
- Delete registry values and files to stop the loader.
- Implement your security incident response and business continuity plan. Ideally, the organization will make sure they have a proper backup, so their response to the attack is simply to recover the data from a known clean backup. With data backup you can eliminate the need to pay ransom to recover data.
Protecting Your Networks from Ransomware
l33tdawg Sat, 01/06/2018 – 00:27… Protecting Your Networks from Ransomware