Advice for Ransomware
This advice is valid for ransomware but also for computers in general. Hard disks and other storage systems are not infallible, so it is advisable to always keep your important data (photos, documents, etc.) duplicated in two different places. Ideally, the backup should be made regularly on a medium that is only connected to the device being backed up while the files are copied (USB key, external hard drive, online backup, etc.). This is because ransomware can also spread to storage media connected to the infected device. Keep Windows, Linux, Mac, Android, iOS, or other systems up to date and regularly check that you are using the latest version of your favorite software, especially browsers. Finally, some operating systems or software are no longer supported and no longer receive security updates.
There are several defensive measures you can take to prevent ransomware infection. Here are some solutions we suggest.
Keep your operating system patched and updated to ensure you have fewer vulnerabilities to exploit. Don’t install software or give it administrative privileges unless you know exactly what it is and what it does. Install antivirus software, which detects malware such as ransomware as soon as it arrives, and whitelisting software, which prevents unauthorized applications from running in the first place. And, of course, back up your files, frequently and automatically! It won’t stop a malware attack, but it can significantly reduce the damage caused by one. It is also important to defend email, as phishing and spam are the primary means of spreading ransomware attacks. Secure email gateways with targeted attack protection are essential to detect and block malicious emails that spread ransomware.
Protect mobile devices.
Mobile attack protection products, when used in conjunction with mobile device management tools, can scan applications on users’ devices and immediately alert users and IT to any applications that could potentially compromise the environment. It is also important to protect web browsing, as secure web gateways can analyze users’ web browsing traffic to identify malicious web ads that could lead them to ransomware. Finally, monitor your server, network, and key backup systems: monitoring tools can detect unusual file access activity, viruses, network traffic and CPU loads, possibly in time to prevent ransomware activation.
During a ransomware attack
While the best ransomware strategy is to avoid it in the first place, increasingly sophisticated attacks against the software supply chain have shown that even the best-prepared companies can be caught. Ransomware may not even be the first payload to infect your system. Many ransomware gangs now prefer to buy access to targets already infected with Trojans or loader malware. During the attack, you have urgent problems to resolve, such as getting computers, phones, and networks back online and dealing with ransom demands.
Disconnect from the network
The moment employees see the ransomware demand or notice something odd, they should disconnect from the network and take the infected machine to the IT department. Only the IT security team should attempt a reboot, and even that will only work in the event it is fake scareware or run-of-the-mill malware. If the ransomware has already made its way to a server, the security team should isolate it as quickly as possible and map out a response.
Restore from backup
The only way to completely recover from a ransomware infection is to restore everything from backup. But even with recent backups, paying the ransom might make more financial and operational sense.
After a ransomware attack
While the immediate crisis may be over, there’s still plenty of work ahead.
Review security
We recommend a top-to-bottom security assessment to find threats that may still linger in your environment. Take a hard look at your security tools and procedures—and where they fell short.
Clean up
Some ransomware is delivered through other threats or backdoor Trojans that can lead to future attacks. Often, the victim’s environment was already compromised, opening a door for the ransomware. Look closer for hidden threats that you may have overlooked in the chaos, especially if there is a risk that backups may also have been compromised.
Train employees
A well-informed employee is your last line of defense. Make sure employees, staff and faculty are up to the task. Regular assessments and phishing simulations can help determine who is most vulnerable. Also develop a curriculum to address employee vulnerability to cyberattacks. It should be based on real campaigns and attack tactics. Create a crisis communication plan in case of a future attack, and follow it with exercises and penetration tests.