Comtact

Part 3: 5 Steps to Defend Against a Ransomware Attack

How does ransomware work?In Part 3 and final post in our Ransomware series, we take a look at how to defend against a ransomware attack. How do you best prime your defences?

Cyber crime is big business, often carried out on an industrial scale. While the financial implication of a ransomware attack varies, the business impact is unquestionably large.

The Phases of a Ransomware Attack

Regardless of whether it’s a mass distribution, or a targeted attack, there are 5 distinct phases of a ransomware attack.

Phase 1: Exploitation and Infection

Phase 2: Delivery and Execution

Phase 3: Backup Spoliation

Phase 4: File Encryption

Phase 5: User Notification and Clean-up

Now that we understand how ransomware typically works, we can prepare our defences.

5 Steps to Defend Against Ransomware

1. Prepare

  • Patch Aggressively – Malware often exploits known vulnerabilities.
  • Protect Your Endpoints
  • Create (and Protect) Backups – Ransomware destroys backup files and encrypts regular files.
  • Assign Least Privileges – To limit damage caused by ransomware.
  • Educate Users – An essential component of an effective defence.
  • Connect with Intelligence Sources
  • Prepare an Incident Response Plan – Specifically for a ransomware attack.
  • Get Cyber Insurance Cover

2. Detect

  • Prime Your Defences
  • Screen Email – For Malicious Links and Payloads, such as phishing emails
  • Blocks Executables – Where ransomware typically executes from (%APPDATA% and the %TEMP% folder).
  • Look for Signs of Encryption and Notification

3. Contain

  • Kill the Processes – Killing the running processes is the best method of containment.
  • Isolate the Endpoint

4. Remove

  • Replace, rebuild or clean machines. It is sometimes difficult to know if residual file remain – undiscovered. Complete replacement of the affected machine can often be a more pragmatic and efficient approach.

5. Recover

  • Restore from back-up. A clean back-up.
  • Investigate and understand the threat vector, to better protect yourself in the future.

Download the full guide:

Your organisation’s success in defending against a ransomware attack is largely dependent on your level of preparation and the tools you deploy to monitor your systems to detect, respond to and neutralise suspicious activity.

Ransomware Part 3: Guide to detecting a ransomware attack

Comtact are experts at assessing your cyber security readiness. Why not request a vulnerability assessment, or just ask us a question?