Ransomware countermeasures in a company depend not only on the measures taken by the administrator in charge of the systems but also on the understanding of each employee. Let's consider the measures that can be taken separately for individuals and for administrators.
Personal Measures
Don't Open Email Links or Attachments Easily
Email-borne virus attacks are sent to an unspecified number of people in an attempt to infect them. The messages are written so that they may be opened inadvertently, for example by claiming to come from a real company or public institution. If you receive a suspicious email, visit the website of the company concerned. If damage caused by a virus has been reported, that company may have posted warning information on its website. Do not open links or attachments casually unless the email is reliable.
OS Update
Microsoft regularly releases OS updates as a countermeasure against vulnerabilities. Leaving vulnerabilities unpatched increases the risk of being attacked and infected with ransomware. Enable automatic updates and check Windows Update information regularly so that vulnerabilities are fixed.
Administrator
Block Access to Malicious Sites
If the system is equipped with a web reputation function, the security software checks a website's safety before it is accessed. By preventing access to malicious websites, you can reduce the risk of reaching untrustworthy sites that carry ransomware.
Antivirus for Endpoints
The word endpoint means an end point or terminus; in IT terms, it refers to a terminal connected to a network. Security software that implements endpoint countermeasures uses post-startup control technology that protects the PC even after an application has started. When an application that has entered the PC is launched, the software temporarily isolates the process to block intrusion into the endpoint.
Depending on the product, the startup location and source are confirmed before the application starts, and after it starts, registry key changes are monitored or memory protection is applied. Even if the user's permission lets an application past the pre-start control, monitoring continues after startup, so ransomware attacks are prevented with high probability.
Make Frequent Backups
Make frequent backups of your file server, allowing for the possibility of infection by ransomware that has bypassed countermeasure software and vulnerability countermeasures. In the unlikely event of an infection, you can minimize the damage by restoring the data from the backup. It has also been reported that ransomware encrypts not only the infected PC but also the shared files and data on drives it can access. Back up all the servers you manage rather than taking partial backups.
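The following Python check is an added example, not part of the original article. It lists every share on every managed server that has no successful backup or whose last successful backup is too old, which is what "all the servers, not partial backups" means in practice. The server names, share names, log format and 24-hour threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed inventory (assumption): every managed server and its shares.
INVENTORY = {
    "fs01": ["finance", "hr"],
    "fs02": ["projects"],
    "app01": ["appdata"],
}

# Constructed backup job records: (server, share, finished, status).
BACKUP_LOG = [
    ("fs01", "finance", "2024-05-10T02:00:00", "ok"),
    ("fs01", "hr", "2024-05-03T02:00:00", "ok"),
    ("fs02", "projects", "2024-05-09T02:10:00", "ok"),
    ("fs02", "projects", "2024-05-10T02:10:00", "failed"),
]


def audit_backups(inventory, log, now, max_age=timedelta(hours=24)):
    """Return {(server, share): reason} for shares without a recent good backup."""
    latest_ok = {}
    for server, share, finished, status in log:
        if status != "ok":
            continue  # a failed job must not hide the age of the last good copy
        ts = datetime.fromisoformat(finished)
        key = (server, share)
        if key not in latest_ok or ts > latest_ok[key]:
            latest_ok[key] = ts

    findings = {}
    for server, shares in inventory.items():
        for share in shares:
            ts = latest_ok.get((server, share))
            if ts is None:
                findings[(server, share)] = "no successful backup"
            elif now - ts > max_age:
                findings[(server, share)] = "stale: last good backup " + ts.isoformat()
    return findings


if __name__ == "__main__":
    now = datetime(2024, 5, 10, 12, 0, 0)  # fixed time so the output is repeatable
    for (server, share), reason in sorted(audit_backups(INVENTORY, BACKUP_LOG, now).items()):
        print(f"{server}/{share}: {reason}")
```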
Also, Back-Up Your System
Even if you have a backup of your important files, ransomware can infect your PC and make it unusable. By backing up your system, you can restore it to an uninfected state even if you are infected with ransomware. However, system backup is not 100% successful.
As for the system backup method, Windows has functions such as "System Restore" and "System Image Backup". System Restore automatically creates a restore point, and if something goes wrong with your PC, you can revert to that point. If you restore with this function, the system state returns to that point, but image files, document files and the like basically remain as they are.
A system image backup also copies image files and document files as they are on the PC at that time. Some files are not copied, but since the system is copied as it is, it is effective as a backup in case something happens to the PC. However, it is recommended that you also back up your files separately, because files saved after the system image was created will be lost.
Use a Decryption Tool
Each vendor of security software provides a free tool for decrypting files encrypted by ransomware.
Once damage caused by ransomware is confirmed, the security vendor takes measures against it, so it may be possible to remove the ransomware with a decryption tool and recover the data.
Use the Support of Security Software
If you don't know how to deal with ransomware in-house, you can use the support service of the security software you have installed. Getting the right support as soon as possible minimizes the damage caused by ransomware.
If you have not installed security software, you can consult with your Internet provider or PC shop.
If You Get Infected
Even if countermeasures are taken, it may not be possible to counter a newly developed virus. Proactive measures are of course essential, but you should also understand what to do if you get infected.
Block Infected Devices From the Network
If the infected device shares files with other terminals on the network, the damage may spread to them. If you notice an infection, disconnect the LAN cable or turn off the wireless connection to cut the device off from the network and reduce the damage.
Try the Restore Tool
You may be able to get your data back with System Restore, which is available in Windows. However, this method is not certain, and ransomware may remain even after System Restore.
Return Data From Backup or Cloud
If you have a backup, you can restore the data from it. If you are using cloud storage, you may also be able to restore from the file change history or recover deleted files, so check whether these options are available.
Do Not Meet the Attacker's Demands
Meeting the attacker's demands is a last resort and is never recommended. If losing the data would have a fatal impact on the business, you may wonder whether to meet the demand. However, even if you do, there is no guarantee that the ransomware will be released. If the demand was for money, there is no guarantee that the data will be returned, so the worst case of losing both the money and the data is possible.
Preliminary Measures to Protect Profits Are Important
Ransomware, also known as the ransom virus, has changed in size and shape and has been reported several times. Employees should share a common understanding of measures such as not running untrusted software and not opening email attachments casually. Some security software asks for confirmation before software is run, but ransomware may still get into your PC unintentionally. Therefore, endpoint security software that prevents unauthorized behavior after software has been executed is also effective.