Ransomware is a type of malware that encrypts files of all types on a system. The ransomware author infects your system, encrypts your data, hard disk(s) or machines, and then demands a “ransom” payment in return for a promise to restore the encrypted data. The most basic form encrypts files in one location and, from there, can encrypt files in any shared folder it can reach on other machines. It can also scramble your file names.
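The behaviour just described (many files on a share rewritten with new names or extensions in a short burst) is also what a defender can watch for. The following is an added example, not code from the article or from CERT-RO: a small heuristic that reads file-server audit events, counts extension-changing renames per user inside a sliding time window, and flags users who exceed a threshold. The audit line format, the user and share names, the window length and the threshold are all constructed or assumed for illustration.

```python
"""
Heuristic detector for ransomware-like bulk renames on a file share.

Added example, not part of the original article. The audit lines are
constructed; the window and threshold values are assumptions to tune
against a share's normal workload.
"""
import math
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumption: look at bursts within one minute
MIN_RENAMES = 20                 # assumption: distinct files re-extended per user in WINDOW
HIGH_ENTROPY = 7.5               # bits/byte; encrypted or compressed data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted output is close to 8.0, plain text is 4-5."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def _ext(path: str) -> str:
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def extension_changed(path: str, new_path: str) -> bool:
    """True when a rename swaps the file extension (q1.xlsx -> q1.xlsx.locked)."""
    return bool(new_path) and _ext(path) != _ext(new_path)


def parse_event(line: str) -> dict:
    """Constructed audit format: 'ISO-timestamp|user|ACTION|path|new_path'."""
    ts, user, action, path, new_path = line.rstrip("\n").split("|")
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "action": action, "path": path, "new_path": new_path}


def detect(lines, window=WINDOW, min_renames=MIN_RENAMES) -> dict:
    """Return {user: peak_distinct_files} for users whose extension-changing
    renames reach min_renames inside any sliding window of length `window`."""
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    recent = defaultdict(deque)   # per-user queue of renames still inside the window
    peak = defaultdict(int)
    for e in events:
        if e["action"] != "RENAME" or not extension_changed(e["path"], e["new_path"]):
            continue
        q = recent[e["user"]]
        q.append(e)
        while e["ts"] - q[0]["ts"] > window:
            q.popleft()
        distinct = len({x["path"] for x in q})
        peak[e["user"]] = max(peak[e["user"]], distinct)
    return {u: n for u, n in peak.items() if n >= min_renames}


def sample_events() -> list:
    """Constructed audit lines: one user bulk-renames 25 finance files in 25 s,
    another performs ordinary edits on the same share."""
    base = datetime(2024, 5, 1, 9, 0, 0)
    lines = []
    for i in range(25):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts}|jdoe|RENAME|//fs01/finance/doc{i}.xlsx|//fs01/finance/doc{i}.xlsx.locked")
    lines.append(f"{base.isoformat()}|asmith|WRITE|//fs01/finance/budget.xlsx|")
    lines.append(f"{(base + timedelta(seconds=5)).isoformat()}|asmith|RENAME|"
                 f"//fs01/finance/draft.docx|//fs01/finance/final.docx")
    return lines


if __name__ == "__main__":
    for user, count in detect(sample_events()).items():
        print(f"ALERT: {user} changed the extension of {count} files within {WINDOW.seconds}s")
```

The rename burst is the cheap signal; where the file server can expose content, `shannon_entropy()` on a sample of the rewritten bytes gives a second one, since encrypted output sits near 8 bits per byte while office documents and text sit well below it. Thresholds should be set from the share's own baseline, and a hit is a reason to isolate the account and host, not proof on its own.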
Ransomware Discoveries (Source: CERT-RO)
- Patch and update your software: All software (applications and OS) should be patched regularly in order to prevent attacks.
- Maintain comprehensive backups: The fastest way to recover from a ransomware attack is to have a backup of your data. Not only server data but also the files residing on local systems should be backed up.
- Protect the systems with antivirus: Every system should have antivirus installed in order to detect malware activity.
- Install an endpoint security solution: A multi-faceted security solution should be deployed. It should not only protect against file-based threats but should also provide download protection, browser protection, heuristic technologies, a firewall and a community-sourced file reputation scoring system.
- Employee training and awareness: The primary approach used to get into a network is “spear phishing”. Educate employees not to open emails, or click on suspicious links or attachments, received from unknown senders.
- Scanning and filtering on the email server: Inbound emails should be scanned for known threats, and any attachment types that could be a threat should be filtered out.
- Limit end-user access: Ransomware can browse and encrypt data on any mapped drive that the end user can access. Restricting users' access to shares will limit the ransomware's ability to encrypt files.
- Disable RDP: RDP should be disabled when not in use, as ransomware attacks have taken place through this method.
- Don’t open email attachments: Emails from unknown senders, and their attachments, should not be opened before scanning them.
- Don’t click suspicious links: Emails and websites carry links which may lead you to malicious websites. Be careful when clicking any URL in an email or on a website.
- Don’t pay the ransom: Even if you pay the ransom, there is no guarantee that access will be regained. Therefore, it is better to remove the system from the network and remove the threat, then restore files from backup and regain access. Another reason for not paying is that the criminals' reward system needs to be disrupted, and this can happen only if their objectives fail.
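The "filter out attachment types that could be a threat" control above is simple to state but has a few edge cases a gateway rule must handle: double extensions such as `invoice.pdf.exe`, macro-enabled Office formats, and archives that carry a blocked file inside. The following is an added example, not code from the article or from any mail product: a policy check that judges an attachment by its last extension, looks one level into zip archives, and refuses archives it cannot inspect. The blocked-extension list, the member limit and the sample archives are assumptions constructed for illustration.

```python
"""
Attachment-policy check for an inbound mail gateway.

Added example, not from the original article or any particular product. The
extension lists are assumptions a practitioner would tune; the sample zips
are constructed in memory so the script runs offline.
"""
import io
import zipfile

# Assumed policy: extensions that execute or run script when opened.
BLOCKED_EXTENSIONS = {
    "exe", "scr", "pif", "com", "bat", "cmd", "ps1", "vbs", "vbe",
    "js", "jse", "wsf", "hta", "jar", "msi", "lnk", "iso", "img",
    "docm", "xlsm", "pptm",  # macro-enabled Office documents
}
ARCHIVE_EXTENSIONS = {"zip"}
MAX_ARCHIVE_MEMBERS = 200  # assumption: refuse archives too large to inspect cheaply


def _extensions(filename: str) -> list:
    """All dotted suffixes, lower-cased: 'a.pdf.exe' -> ['pdf', 'exe']."""
    parts = filename.lower().rsplit("/", 1)[-1].split(".")
    return [p for p in parts[1:]] if len(parts) > 1 else []


def check_filename(filename: str) -> tuple:
    """Return (allowed, reason). The LAST suffix decides, so 'x.pdf.exe' is an .exe."""
    exts = _extensions(filename)
    if not exts:
        return False, "no extension"          # assumption: unknown type is not delivered
    if exts[-1] in BLOCKED_EXTENSIONS:
        if len(exts) > 1:
            return False, f"blocked type .{exts[-1]} hidden behind .{exts[-2]}"
        return False, f"blocked type .{exts[-1]}"
    return True, "ok"


def check_attachment(filename: str, data: bytes = b"") -> tuple:
    """Apply the filename policy, then look one level inside zip archives."""
    allowed, reason = check_filename(filename)
    if not allowed:
        return allowed, reason
    if _extensions(filename)[-1] not in ARCHIVE_EXTENSIONS:
        return True, "ok"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
    except zipfile.BadZipFile:
        return False, "archive is not a valid zip"   # malformed or encrypted-container tricks
    if len(members) > MAX_ARCHIVE_MEMBERS:
        return False, "archive too large to inspect"
    for member in members:
        if member.endswith("/"):
            continue                                  # directory entry
        exts = _extensions(member)
        if exts and exts[-1] in ARCHIVE_EXTENSIONS:
            return False, f"nested archive {member!r} not inspected"
        ok, why = check_filename(member)
        if not ok:
            return False, f"archive member {member!r}: {why}"
    return True, "ok"


def build_sample_zip(members: dict) -> bytes:
    """Construct an in-memory zip from {name: bytes} for testing the policy."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("report.pdf", b""),
        ("invoice.pdf.exe", b""),
        ("quarterly.docm", b""),
        ("notes.zip", build_sample_zip({"notes.txt": b"constructed sample"})),
        ("invoice.zip", build_sample_zip({"invoice.pdf.js": b"constructed sample"})),
    ]
    for name, blob in samples:
        print(name, check_attachment(name, blob))
```

Judging by the last suffix rather than the first is the whole point of the double-extension case; a rule that trusts `.pdf` in `invoice.pdf.exe` delivers the executable. Refusing archives that fail to parse, and nested archives, keeps the check honest about what it actually inspected. This complements, and does not replace, the antivirus scan the list above also calls for.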
While it may be difficult to keep track of the different ransomware families, as several new stories seem to appear every week, some common ransomware are: