Ransomware is a type of malicious software cyber actors use to deny access to systems or data. The malicious cyber actor holds systems or data hostage until the ransom is paid. After the initial infection, the ransomware attempts to spread to shared storage drives and other accessible systems on the local network. If the demands are not met, the system or encrypted data remains unavailable, or the data may be deleted.
How do I protect myself or my organization?
A commitment to cyber hygiene and the implementation of security best practices are critical to protecting your organization. Here are some questions you may want to ask of your organization to help prevent ransomware attacks:
- Backups: Do we back up all critical information? Are the backups stored offline? Have we tested our ability to restore from backups during an incident?
- Risk Analysis: Have we conducted a cybersecurity risk analysis of the organization?
- Staff Training: Have we trained staff on cybersecurity best practices?
- Vulnerability Patching: Have we implemented appropriate patching of known system vulnerabilities? Are we patching our systems on a regular basis?
- Endpoint Security: Have we implemented proactive endpoint security software to protect our compute assets from infection?
- Application Whitelisting: Do we allow only approved programs to run on our networks?
- Incident Response: Do we have an incident response plan and have we exercised it?
- Business Continuity: Are we able to sustain business operations without access to certain systems? For how long? Have we tested this?
- Penetration Testing: Have we attempted to hack into our own systems to test the security of our systems and our ability to defend against attacks?
How do I respond to ransomware?
Implement a security incident response and business continuity plan. It may take time for your organization’s IT professionals to isolate and remove the ransomware threat to your systems or restore data and normal operations. In the meantime, you should take steps to maintain your organization’s essential functions according to your business continuity plan. Organizations should maintain and regularly test backup plans, disaster recovery plans, and business continuity procedures.
Fortify 24×7 is committed to helping individuals and organizations maintain control of their IT systems. Fortify 24×7 offers a suite of comprehensive security services as well as disaster recovery and business continuity planning. Fortify 24×7 also offers the Cylance PROTECT endpoint protection software – stop merely detecting attacks, prevent them. Cylance PROTECT is the only enterprise endpoint solution to block threats in real time BEFORE they cause harm.