What is Ransomware?
Ransomware is a type of malicious software that locks networked devices such as a computer, a printer, or even a TV, and keeps them locked until a ransom is paid. The attacker may lock a file, an application, storage holding critical data, or the entire system. In some cases, the attacker may threaten to leak the stolen data to the internet, or even use it against the victim. It is reported that in 2022, 20% of the attacks were ransomware, and the average ransomware was above $900,000.
How Do I Get It?
Today’s attacks are so sophisticated that you may unknowingly get infected with ransomware in one of these ways:
- Opening an unknown email attachment.
- Clicking on a suspicious advertisement.
- Visiting a malicious website.
- Installing an untrusted application.
- Having old software or an old system with a vulnerability that can be remotely exploited.
What If I Get It?
A ransomware attack can be annoying or disruptive for your business. Here are the steps to mitigate the attack:
- Make sure the attack is real, as there are many spam emails claiming ransomware attacks.
- Disconnect the infected system from the network so that it does not spread to others.
- Assess the total damage.
- Do not rush to pay the ransom before attempting to fix the damage.
- Recover the data from the backup on a clean system.
- Report the incident to the FBI at https://www.ic3.gov/Home/ComplaintChoice.
- Get an incident response service from a reputable company.
How To Protect?
Protection against ransomware should be planned and continuous. Unfortunately, there is no 100% protection. That’s why there is a long list of items to be implemented:
- Back up your data. It is recommended to encrypt the critical data, and to keep an offline copy.
- Do not open unknown files before scanning them with reputable and updated antivirus software.
- Use an ad blocker unless you need to see advertisements.
- Do not visit suspicious internet sites.
- Secure accounts with Multi-Factor Authentication (MFA).
- Do not install unknown or uncertified applications. Do not allow employees to install applications on their systems.
- Make sure all systems have updated software and firmware.
- If possible, get vulnerability scanning and penetration testing services.
- Use a reputable email service with malware protection.
- Create an incident response plan.
- Educate employees.
- Get cyber insurance.
- Block countries known for harboring cyber criminals.
- Use DNS and IP filtering to block certain sites with suspicious content.
- Implement secure access control for local and remote employees.
- Install a modern network-based cybersecurity solution with intrusion prevention, automatic updates and real-time alerts.
For more information please contact Roqos at info@roqos.com.