As long as the internet remains the driving force behind personal and professional connectivity, ransomware will remain a ubiquitous threat to every individual and business that stores any kind of sensitive data. The modus operandi of hackers has always been to target organizations through vulnerabilities in their networks and infrastructure or through their employees. After a security incident, an organization can take several months to recover, and according to various experts the incident can also have long-term effects on the organization.
Many small to medium businesses fall victim to ransomware without the incidents being reported, for various reasons, and only a few large corporations get noticed in the media when a security incident happens. It is reported that these companies have paid in excess of $300 million as ransom.
Threat actors usually use clickbait to prey on the weaknesses of employees. Employers who allow their employees social media access open the door for hackers to plant ransomware. Fake viral videos or advertisements are the means through which the ransomware is planted and distributed through the organization’s networks, after which sensitive information is encrypted and a ransom demand is made.
Commonly, once the ransomware has sneaked into the network, it is spread unknowingly through the sharing of files via servers. Once the ransomware gets to the server, the server spreads the infection and every file on the network gets encrypted. The entire process, from entry to infection, takes barely minutes.
How can networks be protected?
The first step towards protecting networks is providing users with training and awareness about cyber attacks and how they can help curb such attempts. Organizing training for the entire workforce is a good practice. Scheduling training for them once a week will keep them updated on how to spot signs of a malicious attack and how they can help protect the network by not clicking on unverified links that can introduce the ransomware to the network.
Fortifying the security footprint comes next. All downloadable attachments should be scanned by a potent antivirus. Security controls should be standardized for the web pages and social media links that employees can click. Questionable content and advertisements should be blocked on the network so that employees cannot click on them and introduce ransomware into the system.
Other important measures include keeping the antivirus definitions updated and pushed to every machine on the network, maintaining regular backups, and storing these backups on separately segregated servers.
What if the network is still infected?
In a worst-case scenario, if the network is still infected, the infected system should be isolated from the rest of the network to curb the spread of the infection. The rest of the systems on the network should be restarted after the infected system is disconnected from the network. Such a breach should always be reported to the proper authorities, irrespective of the size of the organization.