Ransomware Attack: A Nightmare for Any IT Team

News about ransomware attacks has made the rounds everywhere, whether on social media, in the news, or even in messaging apps. So what exactly is ransomware? What are these attacks about?

It is a type of malware that encrypts disks and files and eventually locks computers. The attacker then demands a ransom, which must be paid on time, for the decryption tool. Victims of the attack are faced with a pop-up window telling them that their files are now encrypted or blocked and that they have to send $300 in the bitcoin cryptocurrency.

Ransomware attacks also involve delivering malware through phishing emails; the malware blocks your valuable data resources, and the attacker then demands a ransom to release them. One of the simplest ways for hackers to do this is to check the victim’s social media accounts and create a fake email address that pretends to be a friend or a common contact, to get the victim to click on the infected attachment or link.

How did ransomware attacks affect companies in the last year?

According to the annual report released by the SonicWALL security team, their global intelligence network saw around 3.8 million ransomware attacks attempted in 2015, a modest increase of around 19% from the 3.2 million in 2014.

Ransomware attacks have grown rapidly. In total, SonicWALL reports 638 million. This means more than 167 attacks in 2015. Beyond the staggering volume of attacks, there are the huge sums of money that individuals and organizations have paid to (hopefully) decrypt their files. Although it’s hard to give a really accurate total, since not everyone affected by ransomware is keen to talk about such incidents, SonicWALL’s report estimates that in the first quarter of 209, approximately $2016 million was paid in transactions.

In 2017, the first infections were reported in the UK on the afternoon of Friday, the 12th of May 2017. First, there were reports of the largest telecommunications company in Spain being hit with pop-up windows demanding a $300 ransom to access files. Then at least 16 hospitals in England’s National Health Service were affected, blocking doctors and nurses from keeping track of patients unless they paid. The first of these attacks on networks around the world was reported on Friday.

These attacks typically exploit a specific vulnerability in a server, application, device, or software. They have an impact at both levels: the individual user and the company.

What measures should be taken?

  • Don’t click hyperlinks without first establishing the authenticity of the link, whether they come from unknown sources or even from known ones.
  • Implement a DLP solution, which will help you protect your personal data and information and prevent them from being stolen or lost. Back up all digital content to a secure location outside the organization’s secret location.
  • Split your backups: divide your digital assets across several backup locations. Don’t put all your data in one backup file.
  • Develop a secret communication channel and strategy to quickly inform all employees if a virus reaches the company’s network.
  • Make sure all devices and systems are well protected with the latest firewalls and antivirus systems.
  • Prepare an updated inventory of all “Digital Assets” in various locations/facilities used by various officials of the organization.

What does a DLP solution do to protect your data?

  1. Network monitoring
     • Configure alerts and block communication with harmful IP addresses;
     • Allow the aforementioned IP addresses for access to files.
  2. Traffic monitoring
     • Comparison and correlation of traffic volume with a baseline figure;
     • HTTPS and HTTP monitoring to protect against the suspicious URLs mentioned above.
  3. Behavioral analysis by monitoring the logs of all devices, including operating systems
     • Instant alert for security breaches;
     • Track who accesses your sensitive data and at the same time block the unauthorized user.
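
The three kinds of monitoring listed above can be sketched as simple detection rules run over logs. This is an added example, not code from any DLP product or from the original article; the hosts, users, paths, addresses, baseline figures and the 5x threshold are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data: documentation IP ranges, made-up hosts, users and paths.
BLOCKLIST = [ip_network("203.0.113.0/24")]           # "harmful" addresses (assumed feed)
BASELINE_BYTES = {"ws-01": 40_000, "ws-02": 50_000}  # normal outbound bytes per hour
AUTHORIZED = {"/finance/payroll.xlsx": {"alice"}}    # who may read sensitive files

CONNECTIONS = [  # (hour, host, destination IP, bytes sent)
    (9, "ws-01", "198.51.100.7", 35_000),
    (9, "ws-02", "198.51.100.7", 48_000),
    (10, "ws-02", "203.0.113.45", 1_200),
    (10, "ws-01", "198.51.100.9", 410_000),
]
FILE_ACCESS = [  # (hour, user, path)
    (9, "alice", "/finance/payroll.xlsx"),
    (10, "bob", "/finance/payroll.xlsx"),
]

def blocklist_alerts(connections, blocklist):
    """Network monitoring: flag any connection to a blocklisted address."""
    return [(hour, host, dst) for hour, host, dst, _ in connections
            if any(ip_address(dst) in net for net in blocklist)]

def volume_alerts(connections, baseline, factor=5):
    """Traffic monitoring: flag hosts whose hourly volume exceeds factor x baseline."""
    totals = defaultdict(int)
    for hour, host, _, sent in connections:
        totals[(hour, host)] += sent
    # A host with no baseline is reported too: unknown devices deserve a look.
    return sorted((hour, host, total) for (hour, host), total in totals.items()
                  if host not in baseline or total > factor * baseline[host])

def access_alerts(accesses, authorized):
    """Behavioral analysis: flag reads of sensitive files by unlisted users."""
    return [(hour, user, path) for hour, user, path in accesses
            if path in authorized and user not in authorized[path]]

if __name__ == "__main__":
    for name, alerts in [("blocklist", blocklist_alerts(CONNECTIONS, BLOCKLIST)),
                         ("volume", volume_alerts(CONNECTIONS, BASELINE_BYTES)),
                         ("access", access_alerts(FILE_ACCESS, AUTHORIZED))]:
        print(name, alerts)
```

These rules only raise alerts; blocking the connection or the user is a separate enforcement step on the firewall or file server.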