Part 3: 5 Steps to Defend Against a Ransomware Attack
In Part 3, the final post in our Ransomware series, we look at how to defend against a ransomware attack. How do you best prime your defences?
Cyber crime is big business, often carried out on an industrial scale. While the financial implication of a ransomware attack varies, the business impact is unquestionably large.
The Phases of a Ransomware Attack
Regardless of whether it's a mass distribution or a targeted attack, there are 5 distinct phases of a ransomware attack.
Phase 1: Exploitation and Infection
Phase 2: Delivery and Execution
Phase 3: Backup Spoliation
Phase 4: File Encryption
Phase 5: User Notification and Clean-up
Now that we understand how ransomware typically works, we can prepare our defences.
5 Steps to Defend Against Ransomware
- Patch Aggressively – Malware often exploits known vulnerabilities.
- Protect Your Endpoints
- Create (and Protect) Backups – Ransomware destroys backup files and encrypts regular files.
- Assign Least Privileges – To limit damage caused by ransomware.
- Educate Users – An essential component of an effective defence.
- Connect with Intelligence Sources
- Prepare an Incident Response Plan – Specifically for a ransomware attack.
- Get Cyber Insurance Cover
- Prime Your Defences
- Screen Email – For malicious links and payloads, such as those delivered in phishing emails.
- Block Executables – In the locations ransomware typically executes from (the %APPDATA% and %TEMP% folders).
- Look for Signs of Encryption and Notification
- Kill the Processes – Killing the running processes is the best method of containment.
- Isolate the Endpoint
- Replace, rebuild or clean machines. It is sometimes difficult to know whether residual files remain undiscovered. Complete replacement of the affected machine can often be a more pragmatic and efficient approach.
- Restore from back-up. A clean back-up.
- Investigate and understand the threat vector, to better protect yourself in the future.
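Where blocking executables in %APPDATA% and %TEMP% cannot be enforced everywhere, the same rule can be used as a detection over process-creation logs. The sketch below is an added example, not part of the original guide; the event format, host names, paths and allowlist are constructed, and it assumes the default `C:\Users\<name>` profile layout.

```python
import ntpath
import re

# %APPDATA% and %TEMP% as they resolve under the default Windows profile
# layout (assumption: profiles live in <drive>:\Users\<name>).
_USER_WRITABLE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\(roaming|local\\temp)\\"
)

def normalise(path):
    """Unify separators, collapse '..' segments and lower-case the path, so
    mixed case or Temp\\..\\ tricks cannot hide or fake the real location."""
    return ntpath.normpath(path.replace("/", "\\")).lower()

def runs_from_user_writable(image_path):
    """True if the process image resolves to a path under %APPDATA% or %TEMP%."""
    return bool(_USER_WRITABLE.match(normalise(image_path)))

def flag_events(events, allowlist=()):
    """Return events whose process image sits in %APPDATA% or %TEMP% and is
    not on the allowlist of known-good images."""
    allowed = {normalise(p) for p in allowlist}
    return [
        e for e in events
        if runs_from_user_writable(e["image"])
        and normalise(e["image"]) not in allowed
    ]

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Users\alice\AppData\Roaming\updater.exe"},
    {"host": "ws-01", "image": r"C:\Program Files\Vendor\app.exe"},
    {"host": "ws-01", "image": r"C:\Users\alice\AppData\Roaming\Vendor\sync.exe"},
    {"host": "ws-02", "image": "c:/users/bob/appdata/local/temp/inv0ice.SCR"},
    {"host": "ws-02",
     "image": r"C:\Users\bob\AppData\Local\Temp\..\..\..\..\..\Windows\System32\cmd.exe"},
]
# Constructed allowlist of a known-good image that legitimately lives in %APPDATA%.
ALLOWLIST = [r"C:\Users\alice\AppData\Roaming\Vendor\sync.exe"]

if __name__ == "__main__":
    for e in flag_events(SAMPLE_EVENTS, ALLOWLIST):
        print(f"ALERT {e['host']}: process started from user-writable path {e['image']}")
```

The allowlist matters in practice because some legitimate software installs per-user under these folders; review each entry before adding it.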
Your organisation’s success in defending against a ransomware attack is largely dependent on your level of preparation and the tools you deploy to monitor your systems to detect, respond to and neutralise suspicious activity.
Comtact are experts at assessing your cyber security readiness. Why not request a vulnerability assessment, or just ask us a question?