RANSOMWARE CASES HAVE REACHED PLAGUE LEVEL. WHAT COULD BE WORSE? RANSOMWARE. 10 WAYS TO KEEP. OUT OF YOUR NETWORK.
10 WAYS TO KEEP
RANSOMWARE OUT OF YOUR NETWORK WHAT IS RANSOMWARE AND WHAT IS THE PROBLEM WITH IT?
Ransomware is malware that locks access or functionality on your computer and then demands payment in exchange for restoring normal operations to your PC. Right now, there are two different varieties of ransomware:
CRYPTO
BLOCKING
Encrypts data so it can’t be accessed
Prevents normal PC operations
RANSOMWARE
RANSOMWARE
RANSOMWARE CASES HAVE REACHED PLAGUE LEVEL.
WHAT COULD BE WORSE? Ransomware is expected to generate $1 Billion or more by the end of 2016.
What’s the most common way to deliver ransomware?
In 2016, there are a variety of ransomware variants increasing in presence, including:
Example: Your bank sends you an email with the right logo, links to the real bank URLs and your name. The message warns you that there is suspicious activity on your account and that you need to install an attached file to verify your creditentials.
Crypt XXX Cerber Locky CryptoWall Fsociety Locker
Email.
In reality, no bank should ever send a file and ask you to install it. The attached file was infected with ransomware which would have loaded onto your system if you had clicked on it.
10 THINGS YOU NEED TO DO TO PROTECT YOURSELF AND YOUR ORGANIZATION
1. Develop a backup & recovery plan BACK UP YOUR SYSTEMS REGULARLY, AND STORE THAT BACKUP OFFLINE ON A SEPERATE DEVICE
2. Use professional email & web security tools YOU NEED TO BE ABLE TO ANALYZE EMAIL ATTACHMENTS, WEBSITE, AND FILES FOR MALWARE. THAT WILL BLOCK POTENTIALLY COMPROMISED ADVERTISEMENTS AND SOCIAL MEDIA SITES THAT HAVE NO BUSINESS RELEVANCE. LOOK FOR SANDBOX FUNCTIONALITY, SO THAT NEW OR UNRECOGNIZED FILES CAN BE EXECUTED AND ANALYZED IN A SAFE ENVIRONMENT.
3. Keep your operating systems, devices, and software patched & updated.
4. Make sure that your device and network antivirus, IPS & anti-malware tools are running the latest updates.
6. Segment your network into security zones, so that an infection in 1 area cannot easily spread to another.
7.
Establish & enforce permission and privlege, so that the fewest number of users have the potential to infect business-critical applicaitons, data or services.
x
8. Establish and enforce a BYOD security policy which can inspect and block devices which do not meet your standards for security. No client or antimalware installed Antivirus files are out of date Operating systems need critical patches, etc.
9. Deploy forensic analysis tools so that after an attack you can identify: WHERE THE ATTACK CAME FROM HOW LONG IT HAS BEEN IN YOUR ENVIRONMENT THAT YOU HAVE REMOVED ALL OF IT FROM EVERY DEVICE YOU CAN ENSURE IT DOES NOT COME BACK
10. Do not SOLELY count on your employees to keep you safe. While it is critical to up-level your user awareness training so employees are taught to not download files, click on email attachments, or follow unsolicited web links in emails, human beings are the most vulnerable link in your security chain, and you need to plan around them.
Consider scheduling a network security assessment to detect your vulnerabilities and protect your organization before it’s too late. Let’s talk. 888.340.9835 www.xtelesis.com/securityassessment
