Preventing Ransomware Attacks

Uploaded on 2021-06-01 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, FREE TO VIEW

Malicious software that uses encryption to hold data for ransom has become wildly successful over the last few years. The purpose of this software is to extort money from the victims with promises of restoring encrypted data. Ransomware is malware that encrypts a computer system’s data and demands payment to restore access. 
 
Paying the ransom does not guarantee you will get the private key to restore your data. Instead, protect your files by using protective measures in your day-to-day operations. In case of an attack, you can return files to their original state.
 
Ransomware is like other computer viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software or by tricking somebody into installing it. The chances of infection can be significantly reduced both by security software and by paying sufficient attention. By using anti-ransomware, you can avoid a situation in which you have to pay horrendous sums for the possible release of your data. 

Security recommendations For Dealing With   Ransomware.

  • Do not pay the ransom:  It only encourages and funds these attackers. Even if the ransom is paid, there is no guarantee that you will be able to regain access to your files.
  • Restore any impacted files from a known good backup:   Always back up your data. Restoration of your files from a backup is the fastest way to regain access to your data.
  • Do not provide personal information when answering an email, unsolicited phone call, text or other message:  Phishers will try to trick employees as well as individuals into installing malware, or gain intelligence for attacks by claiming to be from IT or a reputable business. Never give out your personal information to unsolicited people.
 
For organisations to be secure and protected against ransomware attacks and to help with recovery from if they do happen, the US National Institute of Standards and Technology (NIST) has published a series of tactics. NIST’s advice includes:  
 
  • Use antivirus software at all times.
  • Keep all computers fully patched with security updates.
  • Use security products or services that block access to known ransomware sites on the internet.
  • Configure operating systems or use third-party software to allow only authorised applications to run on computers, thus preventing ransomware from working.
  • Restrict or prohibit use of personally owned devices on your organisation’s networks and for telework or remote access unless you’re taking extra steps to assure security.
NIST also advises users to follow these tips for their work computers:  
 
  • Use standard user accounts instead of accounts with administrative privileges whenever possible.
  • Avoid using personal applications and websites, such as email, chat and social media, on work computers.
  • Avoid opening files, clicking on links, etc. from unknown sources without first checking them for suspicious content. For example, you can run an antivirus scan on a file, and inspect links carefully.
In case of an attack, NIST recommends that organisations follow these steps to accelerate their recovery: 
 
  • Develop and implement an incident recovery plan with defined roles and strategies for decision making.
  • Carefully plan, implement and test a data backup and restoration strategy.
  • Maintain an up-to-date list of internal and external contacts for ransomware attacks, including law enforcement. 
The best way to recover from ransomware is to restore data from a backup. Backups bypass the ransom demand by restoring data from a source other than the encrypted files.
 
Hackers know this, so they develop ransomware that scans the network for backup files. After restoring from a backup, you still must remove the ransomware from the network. An effective way to stop malware from encrypting backup files is to keep a copy of your backups offsite. Cloud backups are the typical choice for businesses that need an offsite backup solution. Using cloud backups, you keep a copy of your files safe from ransomware and other cyber security threats.
 
NIST:     NCSC:       NCSC:        Kaspersky:       Norton:         Trend Micro:      Thales:       I-HLS:    Image: Unsplash
 
You Might Also Read: 
 
Will Governments Ban Ransom Payments To Hackers?:
 
« Denmark Helped NSA Spy On European Union
Cyber Security: Its Good To Talk »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Cyber Security Associates (CSA)

Cyber Security Associates (CSA)

Cyber Security Associates provides cyber consultancy and cyber managed services which help to detect, protect and educate against the ever-changing cyber threat.

IoTium

IoTium

Secure Cloud Managed Software Defined IoT Networks. IoTium simplifies establishing and managing secure network infrastructure for Industrial IoT.

AcceptLocal

AcceptLocal

AcceptLocal is a payments industry consultancy with expertise in payment processing, payment security, anti-money laundering and fraud prevention.

Japan Information Security Audit Association (JASA)

Japan Information Security Audit Association (JASA)

JASA is non-profit association active in developing and managing the quality of Information Security Auditing and Auditors in Japan.

Core Security

Core Security

Core Security provides threat-aware identity, access, authentication and vulnerability management solutions.

Protectimus

Protectimus

Affordable two factor authentication (2FA) provider. Protect your data from theft with multi factor authentication service from Protectimus.

Cybercrime Investigation & Coordinating Center (CICC)

Cybercrime Investigation & Coordinating Center (CICC)

The Cybercrime Investigation and Coordinating Center (CICC) is an attached agency of the Philippines Department of Information and Communications Technology (DICT).

Cog Systems

Cog Systems

Cog Systems offer an embedded solution built on modularity, proactive security, trustworthiness, and adaptability to enable highly secure connected devices.

Armenia Startup Academy

Armenia Startup Academy

Armenia Startup Academy is a pre-acceleration program for selected Armenian tech companies and startups in areas including cybersecurity.

Information & Communications Technology Association of Jordan (int@j)

Information & Communications Technology Association of Jordan (int@j)

The Information & Communications Technology Association of Jordan is a membership based ICT and IT Enabled Services (ITES) industry advocacy, support and networking association.

1898 & Co

1898 & Co

Keep your critical assets secure with a comprehensive portfolio of services from high-level assessments to fully managed security services designed for operational technology applications.

NI Cyber Security Centre

NI Cyber Security Centre

NI Cyber Security Centre works to make Northern Ireland cyber safe, secure and resilient for its citizens and businesses.

LogicGate

LogicGate

The LogicGate Risk Cloud™ is an agile GRC cloud solution that combines powerful functionality with intuitive design to enhance enterprise GRC programs.

Cognilytica

Cognilytica

Cognilytica’s Cognitive Project Management for AI (CPMAI) training and certification is recognized around the world as the best practices methodology for implementing successful AI & ML projects.

Actelis Networks

Actelis Networks

Actelis Networks is a market leader in cyber-hardened, rapid deployment networking solutions for wide-area IoT applications.

New Relic

New Relic

After inventing application performance monitoring (APM), New Relic stands at the forefront of observability with the most advanced platform for eliminating digital interruptions.