Believe it or not, COVID-19 didn’t slow the onslaught of ransomware. In fact, it increased. After all, with the rapid shift to employees working from home; many of the security protocols in place for organizations became either very porous, or completely obsolete. Data ransomers everywhere saw the opportunity and acted.
Our team does a lot of work with ransomware. Thankfully a lot of it is preparing and educating clients in advance of an attack. However, we’ve also been brought in during the aftermath of an attack to help organizations recover. As part of both processes, we spend a lot of time educating people. Helping people understand how ransomware works, and how every employee can play a part in data security is CRITICAL.
Because we’re not out delivering our training sessions, we though we’d share the highlights of our Ransomware 101 training. If you are in IT and have first hand experience with an attack, some of this may be review, but now you have a convenient resource to share with all the people outside IT who need to understand and be trained to detect suspicious activity. They need to understand that cybercriminals are targeting THEM as a means to get your organization’s valuable data.
Detecting a ransomware attack
Some of the telltale signs of a ransomware attack include:
- Systems seem to have slowed down. As the ransomware starts to encrypt your files, it will slow down your system. When you start to notice your system slowing down, take precaution, and check file shares for anomalies.
- Users receive a message like the following when opening files:
If your employees see similar messages when they are trying to access files that they had access to previously, it can be that the file was encrypted by ransomware.
Some users are locked out of their systems: This can be an early sign that the ransomware has encrypted your system.
Mitigate the spread
If you suspect that a ransomware attack has occurred, perform the following actions to ensure the attack is contained and does not further spread.
- Stop the infection from spreading by disconnecting all computers from the network.
- Stop backing up immediately to ensure the ransomware doesn’t compromise your backup data.
- Investigate the source of the attack and isolate it from the rest of the network.
- Utilize security infrastructure capable recognizing attack and isolating it.
Depending on the strand and speed of the ransomware attack, it is possible to contain the attack before your environment is fully infected. However, it is not an easy task. The best defense against ransomware is prevention. Prevent a ransomware attack by deploying a multi-layered security strategy to ensure your data is well-protected.
Post attack: Deploy a multi-layered security strategy
Cybercriminals are becoming increasingly savvy. While knowing the telltale signs of a cyberattack can help you contain an attack and limit the damage, it is always best to be proactive and take preventive measures to protect your company from becoming a victim in the first place. A sound multi-layered security strategy should include the following:
- Security awareness training: Cybercriminals are more sophisticated with account spoofing and account takeover. Educate employees in order to avoid unnecessary link-clicking and attachment opening from unknown senders.
- Security software: There are many antivirus software and email security solutions available to give an extra defense to fight ransomware and spam emails that may contain malicious attachments/links.
- Backup solutions:Ensure you have a reliable backup of data using a solution that can address malware in backups. These solutions should have the ability to prevent ransomware by filtering out malware from getting to the backups.
- Patch management: Be rigorous about staying up-to-date with patches, as many third-party software are commonly used as the exploit for ransomware attacks. Third-party vendors issue regular security updates to ensure that their software is not the cause of cyberattacks.
- Utilize built-in tools like File Server Resource Manager: File Server Resource Manager is a feature set in the File and Storage Services server role in Windows Server that helps administrators classify and manage stored data in file servers.
Want to learn more?
The very best defense on ransomware is a strong, multi-factor backup strategy. Our FlxStore solution provides the speed and agility of local backup with the redundancy and security of having a copy backed up automatically and securely to the cloud. Already using a backup service like Barracuda? Let’s talk. We always save you money. Plus when you really need help, that’s not the time to be working with someone half a world away.Schedule Discussion Session