As long as we keep opening and clicking on files received by email without thinking, this sort of problem will never go away. Anti-malware companies will grab the chance to promote their products. But what lessons can we learn from this attack?
Ransomware is a form of digital extortion that encrypts your files. It affects your local machine and the connected file servers, as well as OneDrive and other synchronisation tools. As soon as the files are encrypted, instructions appear on your screen telling you to pay for a code that will give you access to your data.
The noticeable difference between this version from the 'WannaCry family' and earlier ransomware is how quickly it spread. It takes only a single infected user: without that user realizing it, the malware spreads via SMB, the Windows protocol for file sharing.
Ransomware changes and new versions appear all the time. You can take a number of precautions to prevent becoming infected:
Wipe the entire system and restore your backup. You don’t have a backup? A public decryption key is currently not available for this version. However, it is not advisable to pay. Not only does this encourage future attacks, but the key you receive often does not work.
Prevention is better than cure! Remember, it can happen to you. Work out a disaster scenario on paper, with clear contacts and persons responsible, even if you only need one A4. In the event of something happening, it will save you a lot of time.
You also need to be technically prepared. Where the traditional Endpoint Security solution focuses on detecting and preventing problems, Endpoint Detection & Response (EDR) technology helps you track them down. With EDR, you can determine how the threat occurred and where similar indicators (files, certain IP communication, etc.) reside. There are also ways to limit the problem considerably, for example by automatically isolating affected machines so that they cannot continue to spread malware via the network.
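The SMB spreading behaviour and the isolation step described above can be turned into a simple hunt, shown here as an added example that is not from the original article or from any EDR product: a host that contacts many distinct peers on TCP 445 within a short window becomes an isolation candidate. The flow-record format, the 60-second window, the threshold of five peers and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445                   # TCP port used by SMB file sharing
WINDOW = timedelta(seconds=60)   # assumed look-back window
FANOUT_THRESHOLD = 5             # assumed: distinct SMB peers within WINDOW

# Constructed flow records (not real telemetry): "timestamp src dst dport"
SAMPLE_FLOWS = """\
2024-01-01T09:00:01 10.0.0.21 10.0.0.5 445
2024-01-01T09:00:02 10.0.0.37 10.0.0.11 445
2024-01-01T09:00:03 10.0.0.37 10.0.0.12 445
2024-01-01T09:00:04 10.0.0.21 10.0.0.5 445
2024-01-01T09:00:05 10.0.0.37 10.0.0.13 445
2024-01-01T09:00:06 10.0.0.37 10.0.0.14 445
2024-01-01T09:00:07 10.0.0.37 10.0.0.15 445
2024-01-01T09:00:08 10.0.0.21 10.0.0.80 443
2024-01-01T09:30:00 10.0.0.21 10.0.0.6 445
"""

def parse_flows(text):
    """Yield (timestamp, src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        try:
            ts, src, dst, dport = line.split()
            rec = datetime.fromisoformat(ts), src, dst, int(dport)
        except ValueError:       # wrong field count or unparsable value
            continue
        yield rec

def smb_fanout_hosts(flows, window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Map each source host to the time it first reached `threshold`
    distinct SMB peers inside one `window`."""
    recent = defaultdict(list)   # src -> [(ts, dst)] still inside the window
    flagged = {}
    for ts, src, dst, dport in sorted(flows):
        if dport != SMB_PORT or src in flagged:
            continue
        # Drop connections that have aged out, then record this one.
        recent[src] = [(t, d) for t, d in recent[src] if ts - t <= window]
        recent[src].append((ts, dst))
        if len({d for _, d in recent[src]}) >= threshold:
            flagged[src] = ts
    return flagged

def isolation_candidates(text):
    """Sorted list of hosts showing worm-like SMB fan-out."""
    return sorted(smb_fanout_hosts(parse_flows(text)))

if __name__ == "__main__":
    print(isolation_candidates(SAMPLE_FLOWS))
```

A workstation that talks repeatedly to one file server stays below the threshold; the window and threshold need tuning against servers and backup hosts that legitimately reach many peers.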
For many years Endpoint Security has received too little attention. Antivirus technology did not evolve properly, and was already outdated on release. It also slowed down your PC. The cheapest solution, in combination with a dose of common sense, ought to be able to protect us.
In the meantime, Endpoint Security has developed strongly, although users’ knowledge lags far behind. Companies invest lots of money in IT protection, but as long as users click on untrustworthy links, this won’t help. It is important to invest in awareness, and to continuously check your users’ knowledge. We can help you do this.
Need to vaccinate your users against malware? Make an appointment by contacting firstname.lastname@example.org.