Ransomware Attacks: Strategies to Recover and Prevent Them

June 27, 2019

Chances are you’ve been warned never to download files or click on links from unknown senders. This is, in part, because of the prevalence of ransomware, a type of malware that denies you access to your data with the (often false) promise that the data will be restored in exchange for hundreds or even thousands of dollars.

There are a few ways ransomware can infect a device. Unsuspecting users might download and install ransomware when they click on links, visit web pages, or download files, applications, or web programs that are infected with malicious code. These links and files can be found in phishing emails, infected email attachments, on social media, in malvertising and infected web pop-ups, and more.

Ransomware is covert by nature and difficult to detect by many users. In order to give you a better understanding of how to mitigate the threat of ransomware, we’ll first go over how, exactly, ransomware works. After that, we’ll discuss how to detect and prevent ransomware attacks on your devices.

How Does Ransomware Work?

Once your device is infected, ransomware scans the files on your device and encrypts them, locking your data and making it inaccessible. The ransomware notifies the user about the infection, providing detailed payment instructions that the user must follow in order to get the decryption key and unlock their data. The instructions will include a payment link which, when clicked, will typically provide the attacker’s Bitcoin address.

It’s important to note that despite the attacker’s promises, there is no guarantee that the attacker will actually send the decryption key once the payment is made. Users should also note that ransomware doesn’t necessarily attack immediately, but can instead wait to strike until the device is particularly vulnerable.

How to Respond to a Ransomware Attack

If you find that one of your personal or company devices has been attacked by ransomware, don’t panic – an efficient, methodical approach can help you recover with minimal damage.

As a first step, identify the machine that was initially infected. This is particularly important for company devices since ransomware can spread from one machine to another through your network. Once you locate the infected machine or machines, unplug them from the network to prevent the infection from spreading. You should notify all employees – including remote workers – to unplug their devices from the network as well. If your company has an IT team, cybersecurity provider, or help desk, you should involve them immediately.

Do not pay the ransom. Doing so does not guarantee you’ll get your data back, and it only encourages hackers to continue these types of attacks in the future. Instead of panicking or paying up, notify your security professional right away so that they can resolve the issue and prevent against future attacks.

Prevention and Detection of Ransomware Attacks

Mitigating ransomware attacks is a twofold process, one that involves identifying suspicious activity as well as taking preventative measures against future security breaches:

Detection

By detecting ransomware attacks right away, you can protect against further harm. Setting real-time alerts prevents the infection from spreading by automating the identification and blocking of ransomware. You can also use deception-based detection, which identifies encryption behaviors during the first stages of the attack to contain the attack right away. Finally, keeping a detailed audit of how users access files is a great way to help investigators obtain information about the source and breadth of the problem.

Prevention

In addition to identifying malicious activity, you should implement strong cybersecurity practices to guard against ransomware attacks in the future. These preventative measures include keeping your devices’ operating systems up to date, tightening your browser security settings, and installing anti-malware software. Be sure also to disable Adobe Flash and macros, both of which can make your devices more vulnerable to infections. On top of that, you should back up all your data to ensure that even in the event of a successful attack, you or your company won’t be hit too hard.

For companies and organizations, educating your employees is a critical part of effective cybersecurity protocol. Invest some time in training all employees, regardless of their position, in cybersecurity awareness and response. Teach your employees cybersecurity best practices such as not clicking on questionable links or downloading unknown files, and show them how to identify and alert authorities about suspicious activity.

Only with a strong ransomware response protocol in place, effective ransomware detection software, and general preventative measures can you ensure that you and your company are protected.

Shachar Shamir is COO of Ranky, a marketing company based in Tel Aviv. As Ranky’s COO, Shachar helps startups around the world with their marketing and online growth needs.

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.