According to a recent study, if you apply the basic security measures outlined in Part I of this article, you’ll reduce the risk of malware/ransomware infection by 90%. With the risk so high, I’d like to share some additional protective strategies.
Pay the ransom?
Many organizations have paid ransoms to re-access their data despite the advice of Federal authorities not to do so. Be aware, however, that if you pay there’s no guarantee the criminal hackers will give you the key to decrypt your files.
According to the FBI, many ransomware hackers are located in Eastern Europe and other offshore locations that are shielded by elusive internet infrastructures. Government IT security experts recommend that all victims of ransomware contact their local FBI field office and consider securing the services of a reputable private Internet security consultant. Doing so gives authorities a shot at neutralizing botnets and other mechanisms that enable these attacks in the first place.
If you suddenly realize you have opened an attachment that you believe may be ransomware, there may be enough time to stop it from completely taking control of your system.
Immediately do the following:
- Disconnect from the Internet/WiFi. Because it takes some time to encrypt all your files, you may be able to stop the malware before it succeeds in seizing all of them. This means you need to move more quickly than it does, which is an iffy proposition.
- Use System Restore. If you have System Restore enabled on your Windows computer, try taking your system back to a previous clean state. Unfortunately, newer versions of Cryptolocker and other ransomware quickly delete old file versions before you can execute
Additional basic strategies
- Educate Your Users about Security. If your employees don’t fully understand the threat of unsolicited email phishing, you could be in deep trouble. Train them carefully on this and all other security threats.
- Create a Separate Portal for The Internet. Workers needing unrestricted internet access should be provided a separate external portal.
- Use Internet Ad Blocking. When online, employees should avoid ‘malvertisements’ that target individuals based on their online identifiers and browsing history. These attacks are especially dangerous because they are perpetrated by criminals who often have gained an accurate idea of the victim’s ability to pay.
- Scan the Content of Inbound Emails to Validate Their Origin. Unfortunately, few corporations authenticate inbound email based on IP address and server domain. Companies that have such protection too often only quarantine questionable emails without deleting them completely. Check out Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC).
- Protect Your Email Servers. Establish scanning protection for all your incoming, outgoing, and stored server mail to add another level of protection to your system’s perimeter defenses.
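To make the inbound-email authentication item concrete, here is an added example (not from the original article) that reads the SPF, DKIM and DMARC results your own gateway records in the `Authentication-Results` header and turns them into a reject, quarantine or deliver decision. The gateway name `mx.example.org`, the sample messages and the policy mapping are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Assumption: the authserv-id your own inbound gateway stamps (hypothetical name).
TRUSTED_AUTHSERV_ID = "mx.example.org"
RESINFO = re.compile(r"\s*(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.I)

def auth_results(raw):
    """SPF/DKIM/DMARC results from the top-most header written by our gateway."""
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    msg = message_from_string(raw, policy=default)
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).partition(";")
        # A header with any other authserv-id may have been written by the sender.
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV_ID]:
            continue
        for part in rest.split(";"):
            m = RESINFO.match(part)
            if m and results[m[1].lower()] != "pass":  # one passing DKIM signature is enough
                results[m[1].lower()] = m[2].lower()
        break  # the gateway prepends, so only its top-most header is used
    return results

def disposition(raw):
    """Assumed local policy (not a standard): reject, deliver or quarantine."""
    r = auth_results(raw)
    if r["dmarc"] == "fail":
        return "reject"
    if r["dmarc"] == "pass" or "pass" in (r["spf"], r["dkim"]):
        return "deliver"
    return "quarantine"

# Constructed sample messages (headers and domains are invented for the example).
SPOOFED = (
    "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=vendor.example;\n"
    " dkim=none; dmarc=fail header.from=vendor.example\n"
    "Authentication-Results: relay.sender.example; spf=pass; dkim=pass; dmarc=pass\n"
    "From: billing@vendor.example\n\nInvoice attached\n")
FORGED_ONLY = (
    "Authentication-Results: relay.sender.example; spf=pass; dkim=pass; dmarc=pass\n"
    "From: billing@vendor.example\n\nInvoice attached\n")
LEGIT = (
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=partner.example;\n"
    " dkim=fail header.d=list.example; dkim=pass header.d=partner.example;\n"
    " dmarc=pass header.from=partner.example\n"
    "From: ops@partner.example\n\nMonthly report\n")
if __name__ == "__main__":
    for raw in (SPOOFED, FORGED_ONLY, LEGIT):
        print(disposition(raw), auth_results(raw))
```

In production the gateway should also strip any inbound header that already carries its own authserv-id, and the reject decision should follow the sending domain's published DMARC policy rather than a fixed rule.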
In my next and final installment of this Insights article, I’ll describe three higher-level strategies that provide the highest level of ransomware protection.