Your Organization Is Infected–Now What?


These 10 tips from two renowned cyber-security pros offer help after your organization is hit with ransomware.

When Stricken, Disconnect

Immediately disconnect the infected computer from any network. Turn off all wireless capabilities (Wi-Fi or Bluetooth). Unplug storage devices, such as USB or external hard drives. Do not erase anything or clean up any files or antivirus.

Determine the Scope

To determine the extent of file infrastructure compromise, ask whether the infected machine had access to shared drives, folders, network storage, external hard drives, USB memory sticks, or cloud-based storage (Dropbox, Google Drive, Microsoft OneDrive/SkyDrive, etc.).

Inventory For Signs of Encryption

Check for a registry of file listings that has been created by the ransomware. There are tools specifically made to list encrypted files.
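As an added illustration (not part of the original article and not one of the tools it refers to), the following read-only script shows one heuristic for listing files that look encrypted: content that is close to random and no longer carries a recognizable file header. The sample size, entropy cutoff, header list and function names are assumptions chosen for this example.

```python
import math, os, sys
from collections import Counter

# Assumed values (not from the article): sample size, entropy cutoff, magic list.
SAMPLE_BYTES = 64 * 1024
ENTROPY_CUTOFF = 7.5          # bits per byte; encrypted data sits close to 8.0
# Formats that are legitimately high-entropy, identified by leading magic bytes.
KNOWN_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"\xff\xd8\xff", b"\x89PNG", b"%PDF", b"7z\xbc\xaf")

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: str) -> bool:
    """True if the file's first bytes are near-random and carry no known header."""
    with open(path, "rb") as fh:          # read-only: evidence is never modified
        head = fh.read(SAMPLE_BYTES)
    if len(head) < 1024:                  # too small for a meaningful estimate
        return False
    if head.startswith(KNOWN_MAGIC):      # zip/office, gzip, jpeg, png, pdf, 7z
        return False
    return shannon_entropy(head) >= ENTROPY_CUTOFF

def inventory(root: str) -> list[str]:
    """Walk root and return sorted paths of files that look encrypted."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if looks_encrypted(path):
                    hits.append(path)
            except OSError:               # unreadable file: skip, keep walking
                continue
    return sorted(hits)

if __name__ == "__main__":
    for hit in inventory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Compressed or media formats missing from the header list will show up as false positives, and a strain that leaves file headers intact will be missed, so treat the output as a starting list to review rather than a complete inventory.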

Determine the Strain

You must know which ransomware you’re dealing with. Each follows this basic pattern: encrypting your files and then asking for payment by a deadline. However, knowing the version will help you make more informed decisions.

Evaluate Your Responses

You have four options, from best to worst: restore from a recent backup; decrypt your files using a third-party decryptor; do nothing and lose your data; or negotiate/pay the ransom.

Protecting Against Ransomware

Secure your main layers of defense. Think of your network as a series of layers. The outermost layer is the user. Secondary and tertiary layers (firewalls and antivirus) kick in after a user has clicked or visited a malicious link. Software alone is not a catchall: train users to prevent such attacks.

Security Awareness Training

Hackers and malware creators constantly change ways to trick users. Users need training on the basics of IT and email security and an awareness of the changing tactics of threat vectors.

Phish Your Employees

Simulate phishing attacks to let your IT group know who is vulnerable and train them to avoid potential harm. When your group knows the organization is phishing them, they’ll pay extra attention to what’s coming through their inboxes.

Anti-Virus, Anti-Spam/Phishing and Firewalls

Software-based protection is vital. By isolating directories with a software restriction policy, you can cut down on your susceptibility to infections. You can also reduce the chance of ransomware infections by using specialized software that scans for these types of infections.

Backups

Regularly back up your files and use a regularly tested restore procedure. With all the onsite and cloud-based backups, there’s no excuse for not regularly backing up. Always have an offsite or redundant backup in place.

Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.
