When ransomware infects your computer system, it encrypts your files or locks them down. This means that the ransomware takes some files or your entire computer system as a "digital hostage", rendering the files or the entire system unusable. The cyber-criminal will then typically demand a ransom in exchange for unlocking or decrypting the files, and in some cases threaten to publicly release your data if you do not meet his or her demands. It's critical to be prepared so that you do not become a victim, and, if you ever find yourself in front of a locked system or an encrypted file, to know what to do in order to recover from the situation.
According to Gartner, increasingly sophisticated ransomware attacks are specifically targeting backup data and administrator functions. The threat from increasingly sophisticated ransomware is growing, with attacks being launched by criminal and governmental organizations worldwide; the recent Kaseya ransomware attack highlights this growing threat.
Below are the main ransomware protection and mitigation measures. They are best used in combination, as there is currently no single solution which can completely protect an organization or an individual from ransomware attacks:
- Never click on any unknown or untrustworthy links.
- Personal information such as login details should not be shared; don't be tricked into revealing them.
- Do not open email attachments that appear to be suspicious.
- Never use a USB storage device that you don't recognize. Cyber-criminals may have infected the storage medium and placed it in a public place to entice somebody into using it.
- Maintain the latest versions of your programs and operating system. This ensures that all the relevant security patches and updates, which prevent any potential flaws from being exploited, are in place.
- On public Wi-Fi networks, use secure VPN services such as Proton VPN.
- Enable Multi-Factor Authentication (MFA) – a security technology that requires multiple methods of authentication from independent categories of credentials to verify a user’s identity for a login or other transaction. Multifactor authentication combines two or more independent credentials: what the user knows, such as a password; what the user has, such as a security token; and what the user is, by using biometric verification methods.
- If you have high-risk targets, consider using a virtual desktop service like Citrix, Azure Desktop, Amazon WorkSpaces or Tehama. If the virtual machine is infected, you can just create a new one from the master image.
- Use an email service like Proofpoint to screen for known ransomware vectors and open links in a protected sandbox.
- Consider a zero-day network defense like FireEye or ExtraHop.
- Ransomware can be mitigated by frequent, high-quality data backups that are stored offline from the target systems and kept for a reasonable period of time. That way, if your systems are compromised, you can restore the data. This can be expensive, so an appropriate budget has to be in place.
- The cheapest alternative is the social way, whereby you implement an awareness program for your users which is specially focused on the importance of never clicking a dubious link or opening malicious attachments. This is the most useful and least expensive way to prevent ransomware, as common sense is the best defense mechanism: the smarter your users are, the safer your systems are.
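
The backup measure above (frequent, offline, kept for a reasonable period) can be checked automatically. The following is an added example, not part of the original article: it audits a backup catalogue against those properties. The catalogue fields, the thresholds and the reading of "high quality" as "restore tested" are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample catalogue; field names are assumptions for this example.
CATALOGUE = [
    {"taken": "2021-07-01T02:00", "offline": True,  "restore_tested": True},
    {"taken": "2021-07-08T02:00", "offline": True,  "restore_tested": False},
    {"taken": "2021-07-14T02:00", "offline": False, "restore_tested": False},
    {"taken": "2021-07-15T02:00", "offline": False, "restore_tested": False},
]

def audit_backups(catalogue, now,
                  max_age=timedelta(days=1),          # "frequent"
                  retention=timedelta(days=14),       # "kept for a reasonable period"
                  max_offline_age=timedelta(days=7)): # "stored offline"
    """Return a list of findings; an empty list means the policy is met."""
    if not catalogue:
        return ["no backups recorded"]
    # Parse timestamps and order the backups from oldest to newest.
    backups = sorted(
        ({**b, "taken": datetime.fromisoformat(b["taken"])} for b in catalogue),
        key=lambda b: b["taken"],
    )
    findings = []
    if now - backups[-1]["taken"] > max_age:
        findings.append("latest backup is older than max_age")
    if now - backups[0]["taken"] < retention:
        findings.append("oldest backup does not cover the retention window")
    # Only offline copies are out of reach of ransomware on the target systems.
    offline = [b for b in backups if b["offline"]]
    if not offline:
        findings.append("no offline copy")
    elif now - offline[-1]["taken"] > max_offline_age:
        findings.append("newest offline copy is older than max_offline_age")
    if not any(b["restore_tested"] for b in offline):
        findings.append("no offline copy has a tested restore")
    return findings

if __name__ == "__main__":
    for finding in audit_backups(CATALOGUE, datetime(2021, 7, 15, 12, 0)):
        print("FINDING:", finding)
```

With the sample catalogue the daily online backups look healthy, but the audit flags that the newest offline copy is more than a week old, which is the copy that matters when online backups are targeted.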