Understanding where ransomware comes from

21 Oct, 2022

Most ransomware comes from email attachments and websites. There are, however, other ways you can be infected with ransomware. For example, it can be installed through physical storage, or cyberattackers may attempt to infiltrate your servers. The good news is that it is possible to have very effective protection against ransomware with very little outlay.

All effective security starts with basic IT hygiene

Make sure that you only use operating systems (desktop and mobile) and locally-installed applications which are still supported by their developers. Commit to ensuring that all updates are applied promptly. If necessary, get a managed IT service provider to take care of this.

Only use applications from reputable sources. If you use open-source software then have a plan in place for keeping it updated. Remember that the fact that it is community-managed means that no single person or organization has default responsibility for keeping it secure so you may have to take care of this yourself.

If you’re using free software, make sure it’s backed by a reputable developer. For legal reasons, it’s advisable to check that it’s free for business use, although this is a different issue. Be aware that a percentage of “free software” is actually malware. Never, ever, under any circumstances be tempted to use pirated software. Leaving aside the legality and ethics, it’s known to be riddled with malware.

You need to run automated checks on emails and internet use

The use of email and the internet has become a bit of a challenge for many companies. On the one hand, in principle, many companies do not mind employees using either for personal business as long as it doesn’t interfere with their work. On the other hand, all email and internet use is now a security risk, and the more extensively it is used, the more the risk increases, hence there is a strong argument for at least reining in these freedoms.

Where email and internet use is permitted or necessary, it needs to be carefully monitored. All email attachments should be scanned before they are allowed to be opened. All means all, no exceptions, no matter how urgent the communication purports to be or the seniority of the sender or recipient.
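As an added illustration of "all means all" (this is not code from the original article or from any vendor), the sketch below uses Python's standard `email` package to list every attachment in a message for scanning, including files inside a forwarded message, which a top-level-only check would miss. The sample message, addresses and file contents are constructed for the example.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_sample() -> bytes:
    """Constructed test message: one direct attachment plus a forwarded
    message that carries its own attachment."""
    inner = EmailMessage()
    inner["From"] = "ceo@example.com"
    inner["To"] = "staff@example.com"
    inner["Subject"] = "URGENT - open now"
    inner.set_content("See attached.")
    inner.add_attachment(b"constructed macro document", maintype="application",
                         subtype="octet-stream", filename="report.docm")
    outer = EmailMessage()
    outer["From"] = "colleague@example.com"
    outer["To"] = "staff@example.com"
    outer["Subject"] = "Fwd: URGENT - open now"
    outer.set_content("Forwarding this.")
    outer.add_attachment(b"%PDF-constructed", maintype="application",
                         subtype="pdf", filename="invoice.pdf")
    outer.add_attachment(inner)  # becomes a nested message/rfc822 part
    return outer.as_bytes()


def scan_queue(raw: bytes) -> list:
    """Return every attachment at every nesting level for scanning.
    There is deliberately no sender or urgency exemption."""
    msg = message_from_bytes(raw, policy=policy.default)
    queue = []
    for part in msg.walk():  # walk() descends into forwarded messages too
        if part.is_multipart():  # containers hold no file content themselves
            continue
        is_body = (part.get_content_maintype() == "text"
                   and part.get_filename() is None
                   and part.get_content_disposition() != "attachment")
        if is_body:
            continue
        data = part.get_payload(decode=True) or b""
        queue.append({"filename": part.get_filename() or "(unnamed)",
                      "type": part.get_content_type(),
                      "size": len(data),
                      "sha256": hashlib.sha256(data).hexdigest()})
    return queue


if __name__ == "__main__":
    for item in scan_queue(build_sample()):
        print(item)
```

Each entry in the returned queue would be handed to the malware scanner before the message is released to the recipient.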

Similarly, you absolutely must have all internet usage monitored. It is now far too easy for staff to be tricked into clicking on malicious links, particularly on sites where short-links are commonplace, such as most social media platforms.

To make all this work, you need a robust anti-malware solution backed by a reputable cybersecurity company. For most organizations (and individuals) the best option is a cloud-based, all-in-one anti-malware solution. Any reputable all-in-one solution will have both a malware scanner and a firewall; most will have added functionality as well.

Using a cloud-based solution not only means that the vendor will take care of the entire updates process, but also that the resource-load will be pushed onto the vendor’s servers rather than the local devices. Using an all-in-one solution means that you will get everything you need at an economical price and be sure that it will work right out of the box.

It’s important to educate users as to what measures are being applied and why. It’s also important to make sure that they are made aware of current practices in social-engineering, particularly strategies that can be deployed over the phone as this is likely to remain a point of vulnerability for some time to come. Video-calls are especially vulnerable as they can provide scammers with additional visual clues.

You still need to protect your data

Sadly, even the best protection currently available cannot ensure 100% protection against any malware. Ransomware is likely to be a particular threat as it is so lucrative that cyberattackers can afford to put a lot of effort into keeping it ahead of security tools and also using advanced social-engineering tactics to trick people into installing it.

Ransomware attacks have stopped being “just” about the ransom and have started to be strongly linked with data theft. This is another reason why all sensitive data should be kept encrypted. As a bare minimum, encrypt all personally identifiable data, including data collected from your own employees. This won’t stop ransomware but it will stop the cyberattackers from using your data.

You also need to take steps to ensure that you retain access to your data after a ransomware attack. For practical purposes, this means that you need an off-site data backup. This needs to be physically and logically separate from your local backup so it is completely isolated in the event of a ransomware attack. Ideally, it should hold data backups from different time points in case there is a delay in identifying the infection.
