Page 23 - Security Today, August 2017

limit the damage that a ransomware infection can cause.
Final preparation should include deploying endpoint protection tools that can detect early attacks and respond to them quickly and automatically, and educating all end users. People are the weakest link in most organizations, so companies need to make sure that they know what to look for and how to avoid phishing schemes and malvertising. All users should be warned against plugging in any portable storage devices of unknown origin.
Early detection of ransomware is key for successfully containing and eradicating the damage. IT needs to place signatures, such as those for Locky and CryptoWall, into network devices. Additionally, automated tools for screening email should be in place to detect executable or malicious attachments.
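As an added illustration (not part of the original article), the following Python sketch shows one way an email screen can flag executable attachments by extension, double extension and file content. The extension lists and the sample message are assumptions constructed for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block lists for illustration; tune them to local mail policy.
RISKY_EXT = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta",
             ".bat", ".cmd", ".ps1", ".lnk", ".docm", ".xlsm"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def screen_attachment(filename, payload):
    """Return the reasons (possibly none) to quarantine one MIME part."""
    reasons = []
    parts = (filename or "").lower().rstrip(". ").rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in RISKY_EXT:
        reasons.append("risky extension " + ext)
        if len(parts) == 3 and "." + parts[1] in DECOY_EXT:
            reasons.append("double extension")
    # Content check catches executables renamed to a harmless extension.
    if payload[:2] == b"MZ":
        reasons.append("Windows executable content (MZ header)")
    return reasons

def screen_message(raw):
    """Map each flagged part's filename to its reasons."""
    flagged = {}
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        reasons = screen_attachment(part.get_filename(), payload)
        if reasons:
            flagged[part.get_filename() or "(unnamed)"] = reasons
    return flagged

def build_sample():
    """Constructed sample message, not real traffic."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.com", "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    for name, data in [("report.pdf", b"%PDF-1.4 constructed"),
                       ("invoice.pdf.exe", b"MZ" + b"\x00" * 16),
                       ("photo.jpg", b"MZ" + b"\x00" * 16),
                       ("scan.js", b"constructed script text")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, why in screen_message(build_sample()).items():
        print(name, "->", "; ".join(why))
```

A production filter would also open archives and inspect Office documents for macros, which this sketch does not attempt.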
Security automation and orchestration tools can help contain the damage significantly. The time between detection and containment is critical to minimize lateral damage and spreading of infection. It is also recommended to disable the connection or try to shut down the system quickly to minimize damage. These steps can also be automated to respond quickly and consistently.
How to eradicate ransomware. Replacing the machines is the best option. With all types of malware, including ransomware, it is almost impossible to know whether there are hidden files remaining on the system that could launch another infection.
Cleaning file shares, mailboxes and malicious messages should be done, and companies need to be very proactive about continuing to monitor signatures to detect signs that the attack is emerging once more.
Once the backups are verified and clean, restoring affected files can be accomplished in relatively little time without the need to pay the ransom. The infection vector could be a phishing email, an internet-based attack kit or another exploitation. Knowing how the attacker penetrated your defenses can help prevent future attacks. Finally, be sure to report the incident. Victims are encouraged to report ransomware attacks to the FBI’s Internet Crime Complaint Center.
An increasing number of organizations are suffering ransomware attacks, and experts predict that the numbers are only going to climb. Attackers have the potential to make large sums of money, which means that they are sure to ramp up even more.
Regardless of its size, virtually every organization is vulnerable to an attack, and the consequences of a successful ransomware attack can go far beyond the payment of the ransom. Lost business, customer inconvenience, lost productivity and negative publicity can result as well.
Rishi Bhargava is the co-founder and vice president of marketing at Demisto.