Ransomware is one of the most active areas of cybercrime today. This article looks at recent variants and attack vectors and at why ransomware is currently among the most serious threats an organisation faces.
Ransomware is the fastest-growing and most lucrative form of malware available to cyber criminals, and new families and variants appear every month.
Be careful: there is no silver bullet that reliably prevents a ransomware infection. Modern variants are highly sophisticated. They encrypt not only the files on the victim's computer but also anything reachable from it: connected storage devices, network shares, system restore points and volume shadow copies. Some variants also reach files kept in cloud storage such as Google Drive, Dropbox or AWS-hosted shares, because the encrypted copies are synchronised up and replace the clean ones. Several families additionally look for cryptocurrency wallets on the infected system and steal the funds. Recent families include Zepto, Bart, Cerber and CryptXXX.
WHY AREN’T BACKUPS WORKING?
To save money, some organisations leave important files out of their backups or run backups too infrequently. Others never test a restore and discover that the backups do not work only when they need them. Finally, some keep their backups on network drives that are reachable from the infected machine, so the ransomware finds them and encrypts them along with everything else. A backup only counts if at least one copy is offline or otherwise unreachable from the workstations, and if a restore from it has actually been tested.
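The restore test the paragraph above calls for can be automated: hash every file when the backup is written, keep the manifest somewhere the workstations cannot reach, and compare the backup set against it before you ever need it. The script below is an added example written for this article, not code from the original page; the sample files, the simulated tampering (one file encrypted in place, one renamed with the .zepto suffix, and a ransom note with a constructed name) are all made up so that it runs offline.

```python
"""Restore-test a backup set against a SHA-256 manifest.

Added example for this article (not code from the original page). The
sample files, the simulated tampering and the ransom-note name are all
constructed here so the script runs offline.
"""
import hashlib
import secrets
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Hash every file under root, keyed by its forward-slash relative path."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the backup set now on disk with the manifest taken when it was written.

    'modified' and 'missing' are files the malware encrypted in place or renamed;
    'unexpected' catches the renamed copies and any dropped ransom notes.
    """
    current = build_manifest(root)
    return {
        "ok": sorted(k for k, v in manifest.items() if current.get(k) == v),
        "modified": sorted(k for k, v in manifest.items() if k in current and current[k] != v),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def run_demo() -> dict:
    """Write a small backup set to a 'share', then simulate ransomware reaching it."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp) / "backup_share"          # what the infected host can reach
        (share / "finance").mkdir(parents=True)
        (share / "finance" / "ledger.xlsx").write_bytes(b"constructed sample ledger")
        (share / "hr.docx").write_bytes(b"constructed sample HR document")
        (share / "readme.txt").write_bytes(b"constructed file the malware skips")

        # The manifest is kept off the share: a copy stored beside the data could
        # be encrypted or deleted along with the files it is meant to verify.
        manifest = build_manifest(share)

        # Simulated infection: one file encrypted in place, one encrypted and
        # renamed with the .zepto suffix, plus a ransom note (constructed name).
        (share / "hr.docx").write_bytes(secrets.token_bytes(64))
        ledger = share / "finance" / "ledger.xlsx"
        ledger.write_bytes(secrets.token_bytes(64))
        ledger.rename(ledger.with_name("ledger.xlsx.zepto"))
        (share / "HOW_TO_RECOVER.txt").write_text("constructed ransom note")

        return verify_backup(share, manifest)


if __name__ == "__main__":
    for status, files in run_demo().items():
        print(f"{status:>10}: {files}")
```

Run against a real backup destination, `build_manifest` is called once when the backup job finishes and its output is stored with the offline copy; `verify_backup` is then scheduled regularly, and any non-empty `modified`, `missing` or `unexpected` list is an alert, since a backup set should never change after it is written.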
The education and healthcare sectors are among the most heavily targeted, and in several incidents paying the ransom was the quickest way to get systems back. Without the attacker's private key the files cannot be decrypted with ordinary infrastructure, so the only options for recovery are a clean backup or paying the ransom (and payment is no guarantee that a working decryptor will be delivered).
RANSOMWARE: WHAT NEXT, AND WHAT NEEDS TO BE IMPLEMENTED
FIRST-RESPONSE PROCEDURE FOR THE SOLUTION PROVIDER
- Start by notifying the insurer of the incident and obtaining technical and legal guidance; the client itself must confirm its own reporting obligations.
- Ask about backups and the business continuity plan (BCP), any other relevant policies, the network sharing architecture and, most importantly, which variant is involved.
- Aim to establish what happened, how and when it happened, how to keep it from happening again and, where possible, who was behind it.
- Clients mostly care about getting their data back and rarely about how they were infected. The response depends on the agreed scope of work; begin by identifying the infected systems.
- Work through the response checklists.
- Take forensic images and analyse them for indicators of compromise (IoCs): browser history, mail, and events from the DLP, SIEM, firewall and whatever endpoint security is in place.
- Check whether the variant is an older one for which a public decryption tool already exists; if so, use it.
- If required, run anti-malware cleanup tools (HitmanPro, SpyHunter, Emsisoft, Kaspersky, etc.) to remove the ransomware binaries and infected files. Cleanup removes the malware but does not decrypt the data, so image the system before cleaning it.
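Two of the steps above, identifying the infected systems and working out which variant hit them, can be started with a file-system triage pass before the forensic images are analysed. The script below is an added example written for this article, not code from the original page. It classifies every file under a directory by three signals: an appended extension tied to one of the families the article names, a ransom-note-like file name, and high Shannon entropy in files that carry no known marker. The extension-to-family mapping is an assumption taken from public reporting on these families and must be checked against current threat intelligence before you rely on it; the sample tree and the ransom-note name are constructed so the script runs offline.

```python
"""Triage a file tree for ransomware artefacts: known appended extensions,
ransom notes, and files that look encrypted but carry no known marker.

Added example for this article (not from the original page). The
extension-to-family mapping is an assumption from public reporting and must
be verified against current threat intelligence; the sample tree and the
ransom-note name are constructed so the script runs offline.
"""
import math
import re
import secrets
import tempfile
from collections import Counter
from pathlib import Path

# Assumed mapping of appended extensions to families (verify before relying on it).
KNOWN_EXTENSIONS = {
    ".zepto": "Zepto (Locky family)",
    ".bart.zip": "Bart",
    ".cerber": "Cerber",
    ".cerber2": "Cerber",
    ".cerber3": "Cerber",
    ".crypt": "CryptXXX",
    ".cryp1": "CryptXXX",
    ".crypz": "CryptXXX",
}

# Heuristic for dropped ransom notes: text-like files with a telling name.
RANSOM_NOTE_NAME = re.compile(r"(decrypt|recover|how_to|help_instructions)", re.I)
RANSOM_NOTE_EXTS = {".txt", ".html", ".hta", ".bmp", ".url"}

ENTROPY_THRESHOLD = 7.5   # bits/byte; ciphertext sits near 8, documents far below
SAMPLE_BYTES = 64 * 1024  # only the head of each file is sampled


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the given sample."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def suspected_variant(name: str):
    """Return the family whose appended extension the file name carries, if any."""
    lower = name.lower()
    for ext, family in KNOWN_EXTENSIONS.items():
        if lower.endswith(ext):
            return family
    return None


def looks_like_ransom_note(path: Path) -> bool:
    return (path.suffix.lower() in RANSOM_NOTE_EXTS
            and bool(RANSOM_NOTE_NAME.search(path.stem)))


def triage(root: Path) -> dict:
    """Classify every file under root for the incident report."""
    report = {"variants": {}, "ransom_notes": [], "high_entropy_unknown": []}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        family = suspected_variant(path.name)
        if family:
            report["variants"].setdefault(family, []).append(rel)
        elif looks_like_ransom_note(path):
            report["ransom_notes"].append(rel)
        else:
            # Compressed media (jpg, zip, ...) is also high-entropy, so this list
            # is a review queue for the analyst, not a verdict.
            with path.open("rb") as fh:
                sample = fh.read(SAMPLE_BYTES)
            if shannon_entropy(sample) >= ENTROPY_THRESHOLD:
                report["high_entropy_unknown"].append(rel)
    return report


def run_demo() -> dict:
    """Build a constructed tree mixing clean, marked and unmarked encrypted files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for sub in ("docs", "photos", "finance"):
            (root / sub).mkdir()
        (root / "docs" / "report.docx.zepto").write_bytes(secrets.token_bytes(8192))
        (root / "photos" / "img01.jpg.cerber").write_bytes(secrets.token_bytes(8192))
        (root / "finance" / "q1.xlsx.crypt").write_bytes(secrets.token_bytes(8192))
        (root / "finance" / "q2.xlsx").write_bytes(secrets.token_bytes(8192))  # encrypted, no marker
        (root / "docs" / "HOW_TO_DECRYPT_FILES.txt").write_text("constructed ransom note")
        (root / "notes.txt").write_text("plain meeting notes, low entropy " * 50)
        return triage(root)


if __name__ == "__main__":
    import json
    print(json.dumps(run_demo(), indent=2))
```

Point `triage` at a mounted forensic image or a read-only copy of a share, never at the live infected disk, and feed the `variants` section into the decryptor check in the step above: if the suspected family is an old one with a public tool, that tool goes to the top of the recovery plan.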
SOME EFFECTIVE TIPS
- Back up important data, and keep at least one copy where an infected machine cannot reach it.
- Always keep your software packages up to date.
- Always check who the email sender really is.
- Refrain from clicking links in email.
FOR MORE DETAILS: