10 Tips for Companies to Avoid and Stop Ransomware

 
 
By Chris Preimesberger  |  Posted 2016-04-26
 
 
 
 
 
 
 
 
 
    We offer tips on how companies can avoid being infected by ransomware and how those who do fall victim can stop and mitigate damage from an attack.

    Back Up Your Files

    It's simple, it's obvious and it directly addresses the purpose of the scam in the first place: If you already have up-to-date copies of all your files, there's no reason to pay the ransom to get them back. With services, such as Google Drive, Dropbox and Box, that can instantly back up files to the cloud, there is no reason companies should not have immediate back-ups.

    Keep Your Malware and Detection Software Up-To-Date

    Your detection systems are only as good as what they know, and with ransomware constantly morphing and changing signatures, keeping these applications up-to-date is critical. Mac users should make sure to automatically update XProtect. Windows people should be sure to update their endpoint protection software, antivirus and so on. There's nothing worse than being infected by a known threat that could have been stopped.

    Keep Adobe Products Up-to-Date

    New ransomware attacks leveraging outdated versions of Adobe Systems products like Flash and Reader have led the company to push emergency updates for Windows, Mac OS X, Chrome and Linux-based computers. Flash Player is the most recent to be targeted; anyone with Flash Player installed on any computing device is urged to install the update immediately to avoid infection by the file-encrypting malware.

    Use Multiple Security Products

    Ransomware authors test their code against antivirus products, email filters and endpoint detection products to maximize the chance that they get through. While buying every detection solution isn't likely practical, having multiple detection systems increases the chances of detection before the infection can happen.

    Disable Macros by Default in Microsoft Office

    Macros are an advanced feature in Microsoft Office that most people have no need to use or think about. But their ability to execute tasks within Word, Excel or PowerPoint documents, which flow freely in and out of most inboxes and are often opened without a second thought, makes them a powerful tool for hackers. Microsoft has taken steps to minimize this threat by adding a new feature in Office 2016 to block macros from loading in certain scenarios. If your company has little or no use for macros, it would be smart to take advantage of this feature.

    Get Alerts When Known Ransomware File Extensions Are Detected

    This post on Spiceworks includes a list of known ransomware file extensions. While this doesn't actually stop files from being encrypted and doesn't stop the infection from spreading, you can at least get an alert when ransomware is starting to spread so you can quickly take steps to stop it.

    Automatically Quarantine Files With Known Ransomware File Extensions

    Some antivirus applications will allow you to write rules to automatically quarantine files matching a certain file extension. There's no reason not to do this as a means for stopping known threats.
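
The alert-and-quarantine approach from the two tips above, as an added example that is not from the article or the Spiceworks post. The watch list is a small constructed sample, and the function names, escalation threshold and quarantine location are assumptions.

```python
import shutil
import tempfile
from pathlib import Path

# Constructed sample watch list (assumption); load your own maintained list instead.
WATCHLIST = {".locky", ".crypt", ".encrypted"}

def find_hits(root, watchlist=WATCHLIST):
    """Return files under root whose final extension is on the watch list."""
    wl = {e.lower() for e in watchlist}
    # Only the last suffix counts, so report.xlsx.LOCKY matches; symlinks are skipped.
    return sorted(p for p in Path(root).rglob("*")
                  if p.is_file() and not p.is_symlink() and p.suffix.lower() in wl)

def quarantine(hits, root, qdir):
    """Move (never delete) hits into qdir, keeping relative paths for tracing."""
    moved = []
    for p in hits:
        dest = Path(qdir) / p.relative_to(root)
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(p), str(dest))
        dest.chmod(0o400)  # read-only: preserved for recovery and investigation
        moved.append(dest)
    return moved

def sweep(root, qdir, threshold=3):
    """One pass: alert on every hit, escalate when several appear at once."""
    hits = find_hits(root)
    alerts = [f"ALERT watched extension: {p}" for p in hits]
    if len(hits) >= threshold:
        alerts.append(f"CRITICAL {len(hits)} hits under {root}: isolate host")
    return alerts, quarantine(hits, root, qdir)

def demo():
    """Build a constructed share with benign and renamed files, then sweep it."""
    with tempfile.TemporaryDirectory() as tmp:
        share, qdir = Path(tmp) / "share", Path(tmp) / "quarantine"
        (share / "hr").mkdir(parents=True)
        for name in ("a.docx", "b.xlsx.LOCKY", "hr/c.pdf.crypt", "hr/d.encrypted"):
            (share / name).write_bytes(b"constructed sample")
        alerts, moved = sweep(share, qdir)
        left = sorted(p.name for p in share.rglob("*") if p.is_file())
        return alerts, [m.relative_to(qdir).as_posix() for m in moved], left

if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

Keep the quarantine directory outside the scanned tree so a later sweep does not pick up its own output.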

    Implement a Security Orchestration and Automation Solution

    Security orchestration and automation tools that are able to investigate every cyber alert and remediate malicious activities can shut down ransomware before it is too late. Even when ransomware is able to make it past email filters, antivirus—and a user clicks a link in an email to download the malicious files— these tools are able to kill processes, quara

    Try a Ransomware Password Generator

    Chances of being able to unlock encrypted files are fairly low, but it's worth a try. Security researcher Leostone has a tool that creates the password needed to unlock Petya-encrypted files. You'll need to remove the startup drive and connect it to a non-infected Windows PC, grab some specific bits of data to plug into this app and craft your password.

    Pull the Plug on Everything

    When Lukas Hospital in Germany learned it was being attacked by ransomware, admins decided to "pull the plug on everything," cutting off Internet connectivity and shutting down all systems. Thanks to fast action and the availability of backed-up data, reportedly 85 percent of the hospital's operations were able to continue as normal after the attack. However, because most ransomware is persistent (running even after a reboot and not needing an Internet connection once installed), this is a last option at best and, in most cases, not feasible.
 

Practically every day, there is a new report of companies, hospitals and schools being targeted and compromised by ransomware. Once infected–often after an employee downloads and installs a malicious application–files are encrypted and renamed, and there is no way to get data back without paying adversaries for a key. Notably, this happened earlier this year to a hospital in Southern California, which had to pay $17,000 to get its files back. Because ransomware attacks have risen in volume and complexity, an increasing number of organizations have been forced to pay the ransom. The good news is that there are ways to fight back against ransomware. The following eWEEK slide show presents guidelines on how companies can avoid being infected by ransomware in the first place, and how those who do fall victim can stop and mitigate damage from an attack. This industry information is from Idan Levin, co-founder and CTO at Boston-based Hexadite, a security orchestration and automation provider.

 
 
 
 
 
 
 
 
 
 
 
