0861 IRON MTN (0861 476 668)

How to Prevent and Recover from a Ransomware Attack

When it comes to a Ransomware attack, prevention is better than cure.

If you read our article, ‘What is Ransomware and What Does it Do?’ you will be familiar with its manner of operation and the terrible harm it can do.

Ransomware is an ever popular hacking tool as it’s ability to generate ill-gotten gains is quite amazing. Companies large and small around the world are targeted and ransoms totaling tens of millions of dollars have been paid over by these companies.

Interestingly, according to security firm Trend Micro, two thirds of victims pay the ransom. This is due possible due to the low perceived costs of paying but also to a large degree to save the company a great deal of embarrassment and negative publicity with regards to their information security.

South African firms have not escaped. In fact according to Kaspersky Lab, South Africa has experienced the sixth highest number of attacks (220) out of 114 countries where Locky, a more recent ransomware variation was used.

 

Types of Ransomware Attack

Once you know that ransomware exists you are already in a better position. Awareness of a threat always comes before mitigation actions.

There are many types of ransomware and it is certainly useful to know more about each one. This article does not discuss these, however, here is a list of some of the main ones.

  • Cryptolocker
    • Infected over 250 000 computers
    • Generated $ 30 million dollars in ransoms
    • Taken down by law enforcement in 2014
  • Torrentlocker
    • Released in 2014
    • Utilising components from Cryptolocker & Cryptowall
    • Distributed via emails that look like shipping notices
  • Cryptowall
    • Detected in 2013
    • Steals data from infected systems

 

Preventing a Ransomware Attack

The first step is to educate employees about the dangers posed by attachments and links that come from suspicious senders.

While organised motivated hackers who have may target specific companies may do enough homework on their victims to disguise emails to look like they are from a service provider or partner, most emails will be from senders who are not already known to the recipient.

A policy of, ‘If in doubt delete!’ may not be a bad one to follow failing the ability to verify the identity of the sender without clicking on attachments or links.

Firewalls and spam filters also play a part but do not guarantee that ransomware emails will not get through.

Six Actions to Take When Attacked

  1. Shut down all file sharing if you suspect or know you have been attacked
  2. Run a comprehensive anti-virus scan to locate the attacking file and help determine when and how the attack got through
  3. If you can determine how you got hacked then take measures to close that vulnerability or you might simply get hacked again
  4. Determine how much damage has been done and assess what can be done to fix it
  5. Quarantine or delete the virus and any infected files if you can
  6. Use backups to restore your files after running a scan on them too to see if they are infected too

 

Picking Up the Pieces After a Ransomware Attack

It may happen, that despite taking preventative measures, you fall victim to an attack.

Dealing with this attack in a way where you come out on top relies on one more preventative action mentioned above. Backups of your information and systems.

Having offsite and/or cloud backups will allow you to restore your systems and files. The more up to date these backups are the better. You will however need to have a versioning feature as backups can also be infected. The ability to roll back to a backup prior to infection can save you a fortune, not to mention your reputation. Frequent or continuous backups are highly recommended.

Offsite backups are also highly valuable as ransomware does exist that will actively seek out backup copies of files.

For more information about data backups, restores and offsite data storage, get in touch with Iron Mountain today for expert advice and service.