I have personally seen some of my friends targeted by ransomware and asked to pay a heavy amount to decrypt their data. They didn’t pay, as the encryption happened on the local system and they had the data backed up on an external drive. However, imagine if a company’s critical data is targeted by cyber criminals. The threat becomes more aggressive if mission-critical information is at stake. What should we do about that? How do we ensure that our environment is protected from ransomware?
So what is ransomware: a tool, or an application/program/software?
Ransomware is software used for destructive purposes. When ransomware executes, it encrypts the victim’s data, restricts access to the vital information on the victim’s system, and then demands a ransom to decrypt it. Sometimes the key size is so large that it is close to impossible to decrypt the data without the key.
What should we do?
Unfortunately, we can’t do much if we are already infected. The only solution or recommendation is to have a backup of your data on external storage (SAN/NAS/Tape).
However, one can prepare to avoid being infected. This largely depends on deploying security layers on the organization’s network, along with tools that detect and report this type of malicious software. To protect our environment, it is important to understand the entry point and to reverse engineer the infection mode and method.
How does it infect, and what does it do?
At the end, it has a self-destruction capability, which destroys the malicious file after the ransom has been paid.
‘Aila’, so threatening! What should we do now?
There are multiple recommendations people suggest, and all these suggestions are good. However, based on my experience, below are the recommendations to protect against ransomware:
As I said initially, take a backup of your data on external storage (SAN/NAS/Tape) or keep it offsite.
Use a mail scanner which can filter EXEs in email, or any other malicious file extension.
Disable files running from AppData/LocalAppData folders through GPO.
Implement a patch management process to ensure all systems are updated and patched.
Separate functional areas with a firewall, e.g., the client and server networks, so systems and services can only be accessed if really necessary.
Most important, ensure that your employees know about phishing emails, as they are the soft target and vulnerable point. Run a continuous training program and educate them about phishing, ransomware and other malicious programs, and how a system can be infected through email, USB drives and other media.
Also, as I said, be proactive and implement a security solution which can proactively identify such threats before it’s too late.
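The mail-scanner recommendation above, sketched as an added example (not code from the original post): it flags attachments by their final extension and, going one step beyond the extension filter in the list, by a Windows executable header under a harmless-looking name. The blocklist, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed blocklist for illustration; extend it to match your own mail policy.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".hta", ".ps1"}


def risky_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every attachment that should be quarantined."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Windows drops trailing dots and spaces from file names, so strip them first.
        ext = PurePosixPath(name.lower().rstrip(". ")).suffix
        payload = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXTENSIONS:
            # Only the last extension counts, so "invoice.pdf.exe" is caught here.
            findings.append((name, f"blocked extension {ext}"))
        elif payload[:2] == b"MZ":
            # Content check: a Windows executable renamed to a harmless extension.
            findings.append((name, "executable header under a non-executable name"))
    return findings


def build_sample() -> bytes:
    """Constructed test message with one clean and two suspicious attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for filename, data in [
        ("notes.txt", b"meeting notes"),
        ("invoice.pdf.exe", b"MZ\x90\x00 constructed bytes"),
        ("report.pdf", b"MZ\x90\x00 constructed bytes"),
    ]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"QUARANTINE {name}: {reason}")
```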
Note: There may be multiple ways of protecting against it. Hence, additional points are welcome.