Over the last week, we have heard about the global ransomware attack in which many organizations became victims of the malicious “WannaCrypt” (“WannaCry”) software. Ransomware is a type of malicious software designed to block access to a computer system, or encrypt its data, until a sum of money is paid.
Ransomware is like a kidnapping: someone takes something valuable from you and demands money to give it back.
Ransomware takes hold when your computer is infected with malware. This can happen when someone sends you a link to a malicious site or an email attachment to download. The software is usually hidden behind the link; when the link is accessed, the computer is infected and the malicious software is downloaded, which then starts encrypting your data files.
Ransomware encrypts data on the computer using an encryption key that only the attacker knows. If the ransom isn’t paid, the data is lost forever.
Here are some prevention steps:
- First, be cautious: be aware of whom you are responding to and whether the message is from a genuine source. You can check the authenticity of mail by using the PhishPro application, which will help you decipher whether the email is a You can report the suspicious email for a security analyst to validate the email and respond back to you within a specified timeframe. Visit https://www.phishpro.com/
- Users should regularly back up their data. Up-to-date backups make it possible to restore files without paying a ransom.
- Back up all information to an offsite location.
- Patch early and patch often: Attackers mostly rely on unpatched browser plugins for success. While frequent updates can seem a nuisance, they play a critical role in keeping you protected. So keep all software up to date, including operating systems and applications.
- Keep an inventory of all your digital assets and their locations, so cyber criminals do not attack a system you are unaware of.
- Segment your network: Don’t place all data on one file share accessed by everyone in the company.
- Instruct information security teams to perform vulnerability and penetration testing to find any open issues.
- Develop a communication strategy to inform employees if there is a breach in the company network.
- Train staff on cyber security practices. There are several security awareness trainings available in PhishPro; you can access them after registering. To sign up, please visit https://www.phishpro.com/SignUp.