Repeat ransomware attacks: What should I do if my organization falls victim?
Ransomware is a form of malicious software (malware) that targets sensitive data and systems in order to extort money.
Ransomware frequently spreads via phishing emails that appear to come from legitimate clients, suppliers, or other established contacts. These messages can include links or attachments that, when clicked, encrypt the user’s computer and spread to other files on the corporate network. After locking the user out of the devices, the cybercriminal requests a ransom payment, which is normally made in bitcoin or other cryptocurrency.
REPEATED ATTACKS: We have learnt from past experience that this attack will NOT be a one-time attack. Those who have been affected by ransomware stand a good chance of being re-infected more than once.
SYMPTOMS & ACTION
Below are examples of the symptoms encountered when a machine is suspected to be infected by ransomware:
- 1. Your files cannot be accessed, or their extensions have been changed to a random one (e.g. from “.doc” to “.uvwxyz”)
- 2. The computer wallpaper or a website prompt requests a ransom payment
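The renamed-extension symptom can be checked across a file share rather than one file at a time. The Python code below is an added example, not part of the original advisory: it flags an unfamiliar extension that shows up on many files in several folders. The allowlist, the thresholds and the sample listing are assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Assumption: extensions that normally live on this share; tune per environment.
KNOWN_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
                    ".pdf", ".txt", ".jpg", ".png", ".zip"}

def flag_renamed_files(paths, min_files=5, min_dirs=2):
    """Report unfamiliar extensions that appear on many files in several folders.

    Returns {extension: {"files": count, "dirs": [...], "appended": count}},
    where "appended" counts names that still show a known extension
    before the new one (e.g. report.doc.uvwxyz).
    """
    hits = defaultdict(lambda: {"files": 0, "dirs": set(), "appended": 0})
    for raw in paths:
        path = PurePosixPath(raw)
        suffixes = [s.lower() for s in path.suffixes]
        if not suffixes or suffixes[-1] in KNOWN_EXTENSIONS:
            continue  # no extension, or an expected one
        entry = hits[suffixes[-1]]
        entry["files"] += 1
        entry["dirs"].add(str(path.parent))
        if len(suffixes) > 1 and suffixes[-2] in KNOWN_EXTENSIONS:
            entry["appended"] += 1
    # A single odd file is noise; many files across folders is the symptom.
    return {
        ext: {"files": e["files"], "dirs": sorted(e["dirs"]), "appended": e["appended"]}
        for ext, e in hits.items()
        if e["files"] >= min_files and len(e["dirs"]) >= min_dirs
    }

# Constructed sample listing (not real data): two folders hit, one untouched.
SAMPLE_LISTING = [
    "finance/budget.xls.uvwxyz",
    "finance/invoice_01.uvwxyz",
    "finance/invoice_02.uvwxyz",
    "hr/contract.doc.uvwxyz",
    "hr/policy.pdf.uvwxyz",
    "hr/photo.jpg",
    "it/notes.txt",
    "it/driver.bak",
]

if __name__ == "__main__":
    for ext, info in flag_renamed_files(SAMPLE_LISTING).items():
        print(f"{ext}: {info['files']} files in {info['dirs']}, "
              f"{info['appended']} with an original extension still visible")
```

A hit is a reason to start the isolation steps listed further down, not proof of infection; the folders it names show where to check backups first.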
How to fight against Ransomware?
Currently, recovery of any data infected by ransomware is extremely difficult. Paying the ransom to the hacker does not guarantee 100% recovery, nor that you will not be attacked again. Therefore, the best way to guard against ransomware is to prevent it from happening.
Prevention involves these 3 key areas: HUMAN + PROCESS + TECHNOLOGY
User Awareness & Organization Process:
- 1. Organization to spread cyber security knowledge to all employees
- 2. Management to enforce regulations and limitations on the safe usage of IT resources (computer, thumb drive, external storage, Internet, mobile phone, etc.)
- 3. Avoid clicking embedded links, attachments, videos, etc. found in unverified emails
- 4. Be aware of unknown emails, and of the recipient address list when replying to an email
- 5. Do not download unknown or unverified software / scripts from attachments or URLs found in emails
- 6. Always make a backup copy of your important files
Technology & System:
- 1. Regular daily backup / real-time replication
- 2. Implement enterprise-grade protections (endpoints, firewall, email security gateway, etc.)
- 3. Ensure regular updates & patches
- 4. Secure user access with 2-Factor Authentication (2FA)
If you find or suspect that your system is being attacked or compromised, take the following immediate actions to isolate the issue and prevent it from spreading:
- 1. Disconnect your machine immediately from the network (unplug LAN cable or turn off Wi-Fi)
- 2. Run a full virus scan on your machine
- 3. Do not plug in any removable media (thumb drive or external hard disk)
- 4. Contact ACM QuickSupport at 62962910 (Option 2)