In previous posts, we already mentioned that ransomware attacks increased by 500% in 2019. It is one of the most frequent types of malware that companies and users have to constantly battle.
At ESED, we want to help you prevent this type of cybercrime and ensure the security of your system. That's why we have prepared a ransomware guide that we hope will be of great help to you.
Ransomware is a type of malware that denies access to your information and threatens to make your files inaccessible unless you agree to pay the demanded ransom.
It involves encrypting the documents and information of its victims, blocking their access to files until a monetary compensation is received for their release.
There are several ways of propagation, but undoubtedly, the most common is through email. Victims are enticed to click on a link or download an infected file, allowing the malware to spread throughout the system.
Ransomware always operates through messages demanding payment from its victims. Typically, the demanded ransom is paid in virtual currencies or cryptocurrencies. If you agree to pay for the information, the cybercriminals will provide you with the keys to unlock your data and regain access. Otherwise, they will leave you without access or expose the information to third parties.
Awareness and training of your employees are essential to prevent ransomware attacks.
The human factor is one of the main reasons why a system, device, or equipment becomes infected. Ransomware attacks are launched to deceive internet users into taking actions that grant malware access to their system.
It is essential to raise awareness and educate your team to detect such messages and align with the security policies adopted by the company.
To avoid infection, a series of technical and procedural measures must be taken.
Technical measures will ensure that our systems have no security holes, keeping them always updated and well-configured. Undoubtedly, having a robust cybersecurity strategy will be of great help.
Regarding procedures, they will revolve around an action protocol specifying the stakeholders and the measures to be adopted.
Within prevention, measures to consider include:
Having backups will help you recover information in case of loss or theft and avoid having to pay a ransom or risk losing it. These backups can be online or offline.
At ESED, we follow the 3-2-1 Backup Rule, which consists of:
Keep at least 3 copies of your data.
Have a local copy of the information to enable quick recovery of lost or deleted data.
Have a copy stored in a different geographical location from the other two.
Your connection can also influence the security of your system. To avoid such attacks, we recommend using a VPN when working outside the company. VPNs allow information to travel between systems encrypted so that cybercriminals cannot access it.
Another factor to consider while browsing the web is to be cautious about the websites you visit. Try to navigate official or secure websites (those with SSL certificates) to ensure they are free of malware.
Cybercriminals take advantage of system vulnerabilities or security loopholes. The more up-to-date your system is, the less vulnerable it will be to any type of threat.
It is important to be aware of who has access to your information to avoid possible data leaks. The more users have access, the more possibilities there are for loss or theft. Give your employees access only to essential information and ensure that confidential data is well protected.
Phishing, attacks through email, is currently the most frequent type of attack. Therefore, it is important to properly configure your company's email with anti-phishing solutions to help: filter spam, prevent email spoofing, scan incoming and outgoing emails, disable macros, or deactivate HTML content for critical email accounts.
Having an action plan in place to know the steps to take in the face of a ransomware attack and prevent its spread to other devices is essential.
If your company has been attacked by ransomware, never pay the ransom under any circumstances. Stay calm and activate an incident response plan (if you have one) or resort to your backups to recover the lost information.
Paying a ransom is falling into the trap of cybercriminals. It does not guarantee the recovery of your information, and once paid, they may continue to extort you. Moreover, it makes you an easy target for future attacks and supports the cybercrime business.
If your company has fallen victim to a ransomware attack, it is essential to seek help from a professional or specialist in cyberattacks. At ESED, we offer a Disaster Recovery solution to address these issues.
To avoid ever reaching critical situations like these, where all your information is exposed or lost, it is crucial to have an endpoint solution (antivirus) with anti-ransomware capabilities. This way, you can ensure the security of your systems.