10 Tips for Companies to Avoid and Stop Ransomware

We offer tips on how companies can avoid being infected by ransomware and how those who do fall victim can stop and mitigate damage from an attack.

It’s simple, it’s obvious and it directly addresses the purpose of the scam in the first place: If you already have up-to-date copies of all your files, there’s no reason to pay the ransom to get them back. With services, such as Google Drive, Dropbox and Box, that can instantly back up files to the cloud, there is no reason companies should not have immediate back-ups.

Your detection systems are only as good as what they know, and with ransomware constantly morphing and changing signatures, keeping these applications up-to-date is critical. Mac users should make sure to automatically update XProtect. Windows people should be sure to update their endpoint protection software, antivirus and so on. There’s nothing worse than being infected by a known threat that could have been stopped.

New ransomware attacks leveraging outdated versions of Adobe Systems products like Flash and Reader have led the company to push emergency updates for Windows, Mac OS X, Chrome and Linux-based computers. Flash Player is the most recent to be targeted; anyone with Flash Player installed on any computing device is urged to install the update immediately to avoid infection by the file-encrypting malware.

Ransomware authors test their code against antivirus products, email filters and endpoint detection products to maximize the chance that they get through. While buying every detection solution isn’t likely practical, having multiple detection systems increases the chances of detection before the infection can happen.

Macros are an advanced feature in Microsoft Office that most people have no need to use or think about. But their ability to execute tasks within Word, Excel or PowerPoint documents that flow freely in and out of most inboxes—and are often opened without a second thought—make them a powerful tool for hackers. Microsoft has taken steps to minimize this threat by adding a new feature in Office 2016 to block macros from loading in certain scenarios. If your company has little or no use for macros, it would be smart to take advantage of this feature.

This post on Spiceworks includes a list of known ransomware file extensions. While this doesn’t actually stop files from being encrypted and doesn’t stop the infection from spreading, you can at least get an alert when ransomware is starting to spread so you can quickly take steps to stop it.

Some antivirus applications will allow you to write rules to automatically quarantine files matching a certain file extension. There’s no reason not to do this as a means for stopping known threats.

Security orchestration and automation tools that are able to investigate every cyber alert and remediate malicious activities can shut down ransomware before it is too late. Even when ransomware is able to make it past email filters, antivirus—and a user clicks a link in an email to download the malicious files— these tools are able to kill processes, quara

Chances of being able to unlock encrypted files are fairly low, but it’s worth a try. Security researcher Leostone has a tool that creates the password needed to unlock Petya encrypted files. You’ll need to remove the startup drive and connect it to a non-infected Windows PC, grab some specific bits of data to plug into this app and craft your password.

When Lukas Hospital in Germany learned it was being attacked by ransomware, admins decided to “pull the plug on everything,” cutting off Internet connectivity and shutting down all systems. Combining fast action and the availability of backed-up data, reportedly 85 percent of the hospital’s operations were able to continue as normal after the attack. However, as most ransomware is persistent—running even after a reboot and not needing an Internet connection once installed, this is a last option at best—and in most cases, not feasible.