Ransomware

The ransomware epidemic is a very real problem. Your enterprise and its users need to be aware of this threat in order to combat it effectively. Let's prevent your organization from being another victim.

FAQ:

What is ransomware?
Ransomware is a type of malicious software that blocks access to systems or data until the requested ransom is paid.

Are there common methods through which ransomware is spreading?
There are several common ransomware propagation methods to be aware of. Most commodity ransomware spreads through mass spam/phishing messages carrying weaponized attachments; other infection avenues include vulnerable software and hacking, malvertisements, exploit kits, and removable media (such as USB drives).

What are some good recommendations for preventing ransomware?

  • Don’t open unverified emails -- Instill the idea of “trust, but verify” in your users. Encourage critical-thinking questions, such as: Were you expecting that email? Has that vendor sent invoices like this previously? Does the formatting seem right? If something seems “off”, train your users to call to confirm before clicking anything. Interested in a more in-depth guide on better email security? Check out our cheat sheet for tips on disabling Office Macros for better email security.

  • Regularly update software -- Keep your systems up-to-date. Ransomware is also commonly distributed through exploit kits, which attempt to leverage vulnerabilities in a user’s web browser and/or plugin platforms to download and execute malicious payloads.

  • Have backups & offsite backups -- Not only should you have backups of important files and documents onsite, but you should create at least one backup in a separate offsite location. This will keep damages to a minimum.

These are only a few of the many ways you can protect your systems from a massive problem. Check out more recommended protective actions that are included here.

How should my enterprise help prepare my employees?
As phishing emails are one of the most common ways ransomware spreads, it is extremely important to empower your users to defend themselves and your business by enhancing their education and awareness surrounding security best practices. Training should be relevant and enforced. Find out more strategies for enhancing user education in our Ransomware Resistance Cheat Sheet Part 1.

How can I deal with access control and software restriction policies?

  • Access Control -- You should grant access to areas of your network only as necessary. For instance, users should not have local administrator access unless there is an extremely good reason. Since phishing and social engineering continue to succeed as channels for ransomware infection, separated access makes it more difficult for the attacker to reach the areas they want (those containing the crown jewels).

  • Application Whitelisting -- Another way to control what is going on inside your network is to figure out which apps are used and necessary to your users and allow only those applications to run. This helps to eliminate the infiltration of malicious software.

  • For more information on decreasing your attack surface, check out Part 2 of our rapid-fire list for countering ransomware.

If my enterprise has been compromised, should I pay to regain access to my data?
It is highly recommended that victims don’t pay. This is where backups come in: they are the one thing to have in place in the event of a ransomware infection. Offline backups are going to be your best defense against a ransomware attack.

Are there any proactive tips for a disaster recovery plan?
Again, backups, patching, and vulnerability management are crucial to warding off a real problem. There are also disaster recovery exercises you can run. Check out some of our recommendations for the disaster recovery process in our Ransomware ‘Quick’ Fixes Part 3 guide.

Ransomware Cheat Sheets:

Ransomware is a threat that isn’t going anywhere anytime soon. The goal of this three-part guide is to provide you with a variety of suggestions for hardening your enterprise network against ransomware attacks.