Your Organization Is Infected–Now What?

 
 
By Karen A. Frenkel  |  Posted 08-12-2015

  • Your Organization Is Infected–Now What?

    These 10 tips from two renowned cyber-security pros offer help after your organization is hit with ransomware.
  • When Stricken, Disconnect

    Immediately disconnect the infected computer from any network. Turn off all wireless capabilities (Wi-Fi or Bluetooth). Unplug storage devices, such as USB or external hard drives. Do not erase anything or clean up any files or antivirus.
  • Determine the Scope

    To determine the extent of file infrastructure compromise, ask whether the infected machine had access to shared drives, folders, network storage, external hard drives, USB memory sticks, or cloud-based storage (Dropbox, Google Drive, Microsoft OneDrive/SkyDrive, etc.).
  • Inventory For Signs of Encryption

    Check for a registry of file listings that has been created by the ransomware. There are tools specifically made to list encrypted files.
  • Determine the Strain

    You must know which ransomware you're dealing with. Each follows the same basic pattern: encrypting your files and then asking for payment by a deadline. However, knowing the version will help you make more informed decisions.
  • Evaluate Your Responses

    You have four options, from best to worst: restore from a recent backup; decrypt your files using a third-party decryptor; do nothing and lose your data; negotiate/pay the ransom.
  • Protecting Against Ransomware

    Secure your main layers of defense. Think of your network as a series of layers. The outermost layer is the user. Secondary and tertiary layers (firewalls and antivirus) kick in after a user has clicked or visited a malicious link. Software alone is not a catchall: train users to prevent such attacks.
  • Security Awareness Training

    Hackers and malware creators constantly change ways to trick users. Users need training on the basics of IT and email security and an awareness of the changing tactics of threat vectors.
  • Phish Your Employees

    Simulate phishing attacks to let your IT group know who is vulnerable and train them to avoid potential harm. When your group knows the organization is phishing them, they'll pay extra attention to what's coming through their inboxes.
  • Anti-Virus, Anti-Spam/Phishing and Firewalls

    Software-based protection is vital. By isolating directories with a software restriction policy, you can cut down on your susceptibility to infections. You can also reduce the chance of ransomware infections by using specialized software that scans for these types of infections.
  • Backups

    Regularly back up your files and use a regularly tested restore procedure. With all the onsite and cloud-based backups, there's no excuse for not regularly backing up. Always have an offsite or redundant backup in place.
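
For the "Inventory For Signs of Encryption" step above, a read-only triage script can shortlist files that look encrypted by checking file signatures, byte entropy and ransom-note-style file names. This is an added example, not code from the article or from KnowBe4; the signature table, the note-name keywords, the 7.5 bits-per-byte threshold and the `.locked` sample name are assumptions chosen for illustration.

```python
import math, os, tempfile
from collections import Counter
from pathlib import Path

# Well-known file signatures; extend for the file types your shares hold.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
NOTE_HINTS = ("decrypt", "recover", "ransom")  # assumption: note-name keywords

def entropy(data):
    """Shannon entropy in bits per byte; 8.0 looks fully random."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path, sample=65536, threshold=7.5):
    """Read-only check of one file; nothing is modified or deleted."""
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    if ext in (".txt", ".html") and any(h in name for h in NOTE_HINTS):
        return "possible-note"
    with open(path, "rb") as fh:
        head = fh.read(sample)
    magic = MAGIC.get(ext)
    if magic is not None:  # known type: the header must match its signature
        return "ok" if head.startswith(magic) else "header-mismatch"
    return "high-entropy" if entropy(head) >= threshold else "ok"

def inventory(root):
    """Walk root; return {relative path: verdict} for every flagged file."""
    flagged = {}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(folder, fname)
            try:
                verdict = classify(path)
            except OSError:
                verdict = "unreadable"
            if verdict != "ok":
                flagged[os.path.relpath(path, root)] = verdict
    return flagged

if __name__ == "__main__":
    noise = bytes(range(256)) * 16  # constructed stand-in for ciphertext
    samples = {"report.pdf": b"%PDF-1.4", "photo.jpg": noise, "todo.txt": b"call IT\n",
               "budget.xlsx.locked": noise, "HOW_TO_DECRYPT.txt": b"constructed note"}
    with tempfile.TemporaryDirectory() as root:
        for fname, body in samples.items():
            Path(root, fname).write_bytes(body)
        print(inventory(root))
```

Compressed archives with unrecognized extensions also read as high-entropy, and files of only a few hundred bytes cannot reach the threshold, so treat the output as a shortlist to review rather than a verdict.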
 

Protecting your network from ransomware is an integral part of any network security framework for both individuals and companies. It's also important to have a plan of action once you know you've been stricken.

Stu Sjouwerman, founder and CEO of KnowBe4, realized that the human element of security was being seriously neglected, so he teamed up with Kevin Mitnick, a computer security consultant, author and hacker, to help organizations manage the problem of cyber-crime social engineering tactics through security-awareness training. "People are used to having a technology solution [but] social engineering bypasses all technologies, including firewalls," Mitnick said. "Technology is critical, but we have to look at people and processes. Social engineering is a form of hacking that uses influence tactics."

Their company hosts an integrated Security Awareness Training and Simulated Phishing platform. Sjouwerman is the author of four books; his latest is the best-seller Cyberheist: The Biggest Financial Threat Facing American Businesses. Sjouwerman outlines what to do when under attack.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 
