Mitigating malware and ransomware attacks

How to defend organisations against malware or ransomware attacks?

What are malware and ransomware?

Malware is malicious software, which – if able to run – can cause harm in many ways, including:

  • causing a device to become locked or unusable
  • stealing, deleting or encrypting data
  • taking control of your devices to attack other organisations
  • obtaining credentials which allow access to your organisation’s systems or services that you use
  • ‘mining’ cryptocurrency
  • using services that may cost you money (e.g. premium rate phone calls).

Ransomware is a type of malware that prevents you from accessing your computer (or the data that is stored on it). The computer itself may become locked, or the data on it might be stolen, deleted or encrypted. Some ransomware will also try to spread to other machines on the network, such as the WannaCry malware that impacted many companies around the world in May 2017.

Usually, you’re asked to contact the attacker via an anonymous email address or follow instructions on an anonymous web page, to make payment. The payment is invariably demanded in a cryptocurrency such as Bitcoin, in order to unlock your computer, or access your data. However, even if you pay the ransom, there is no guarantee that you will get access to your computer, or your files.

Occasionally malware is presented as ransomware, but after the ransom is paid the files are not decrypted. This is known as wiper malware. For these reasons, it’s essential that you always have a recent offline backup of your most important files and data.

Should you pay the ransom?

Law enforcement do not encourage, endorse, nor condone the payment of ransom demands. If you do pay the ransom:

  • there is no guarantee that you will get access to your data or computer
  • your computer will still be infected
  • you will be paying criminal groups
  • you’re more likely to be targeted in the future

Steps to take if your organisation is already infected

If your organisation has already been infected with malware, these steps may help limit the impact:

  • Immediately disconnect the infected computers, laptops or tablets from all network connections, whether wired, wireless or mobile phone based.
  • In a very serious case, consider whether turning off your Wi-Fi, disabling any core network connections (including switches), and disconnecting from the internet might be necessary.
  • Reset credentials including passwords (especially for administrator and other system accounts) – but verify that you are not locking yourself out of systems that are needed for recovery.
  • Safely wipe the infected devices and reinstall the OS.
  • Before you restore from a backup, verify that it is free from any malware. You should only restore from a backup if you are very confident that the backup and the device you’re connecting it to are clean.
  • Connect devices to a clean network in order to download, install and update the OS and all other software.
  • Install, update, and run antivirus software.
  • Reconnect to your network.
  • Monitor network traffic and run antivirus scans to identify if any infection remains.
