Don’t be a Victim of Cyber Attacks
Bluestreak Consulting™ can help reduce your Cybersecurity Risk.
Ransomware Facts, Threats, and Countermeasures
What is Ransomware?
Ransomware is a type of malware that cyber criminals use to infect computers and encrypt files until a ransom is paid. After the initial infection, ransomware will attempt to spread to connected systems, including shared storage drives and other accessible computers.
If the threat actor’s ransom demands are not met (i.e., if the victim does not pay the ransom), the files or encrypted data will usually remain encrypted and unavailable to the victim. Even after a ransom has been paid to unlock encrypted files, criminals will sometimes demand additional payments, delete a victim’s data, refuse to decrypt the data or decline to provide a working decryption key to restore the victim’s access. The Federal Government does not support paying ransomware demands.
What Can I Do To Protect My Data And Networks?
Back up your computer. Perform frequent backups of your system and other important files, and verify your backups regularly. If your computer becomes infected with ransomware, you can restore your system to its previous state using your backups.
Store your backups separately. The best practice is to store your backups on a separate device that cannot be accessed from a network, such as on an external hard drive. Once the backup is completed, make sure to disconnect the external hard drive, or separate the device from the network or computer.
Train your organization. Organizations should ensure that they provide cybersecurity awareness training to their personnel. Ideally, organizations will have regular, mandatory cybersecurity awareness training sessions to ensure their personnel are informed about current cybersecurity threats and threat actor techniques on at least an annual basis. To improve workforce awareness, organizations can test their personnel with phishing assessments that simulate real-world phishing emails.
What Can I Do To Prevent Ransomware Infections?
Update and patch your computer. Ensure your applications and operating systems have been updated with the latest patches. Vulnerable applications and operating systems are the targets of most ransomware attacks.
Use caution with links and when entering website addresses. Be careful when clicking directly on links in emails, even if the sender appears to be someone you know. Attempt to independently verify website addresses (e.g., contact your organization's helpdesk, or search the internet for the sender organization’s website or the topic mentioned in the email). Pay attention to the website addresses you click on, as well as those you enter yourself. Malicious website addresses often appear almost identical to legitimate sites, using a slight variation in spelling or a different domain (e.g., .com instead of .net).
Open email attachments with caution. Be wary of opening email attachments, even from senders you think you know, particularly when attachments are compressed files or ZIP files.
Keep your personal information safe. Check a website’s security to ensure the information you submit is encrypted before you provide it.
Verify email senders. If you are unsure whether or not an email is legitimate, try to verify the email’s legitimacy by contacting the sender directly. Do not click on any links in the email. If possible, use a previous (legitimate) email to ensure the contact information you have for the sender is authentic before you contact them.
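The lookalike-address check described under "Use caution with links" can be automated for links extracted from email. The following is an added example, not part of the original page: the trusted list, function names and sample URLs are constructed assumptions, and it goes slightly beyond the text by also flagging a trusted name used as the prefix of another host.

```python
from urllib.parse import urlsplit

# Assumption: the organization keeps its own list of domains it trusts.
TRUSTED = {"example.com"}  # constructed sample value (reserved domain)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using the two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def host_of(url: str) -> str:
    """Lower-cased hostname of a full URL, without a leading 'www.'.

    urlsplit() ignores any 'user@' part, so 'https://example.com@other.test/'
    resolves to 'other.test', the host the browser would actually contact.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify(url: str, trusted=TRUSTED, max_typos: int = 2) -> str:
    """Return 'trusted', 'lookalike:<reason>' or 'unknown' for a link."""
    host = host_of(url)
    if not host:
        return "unknown"
    # Exact match, or a subdomain of a trusted domain.
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    name, _, tld = host.rpartition(".")
    for t in sorted(trusted):
        t_name, _, t_tld = t.rpartition(".")
        if name == t_name and tld != t_tld:        # e.g. .net instead of .com
            return f"lookalike:tld-swap of {t}"
        if 0 < edit_distance(host, t) <= max_typos:  # slight spelling variation
            return f"lookalike:spelling of {t}"
        if host.startswith(t + "."):               # trusted name as a prefix label
            return f"lookalike:prefix of {t}"
    return "unknown"
```

Treat a lookalike result as a prompt to verify the address independently; short domain names will produce some false matches at the default `max_typos` of 2.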
Responding To A Ransomware Attack
Immediately disconnect the infected system from the network to prevent infection propagation.
Determine the affected data, as some sensitive data, such as electronic protected health information (ePHI), may require additional reporting and/or mitigation measures.
Determine if a decryptor is available. Online resources such as No More Ransom! can help.
Restore files from regularly maintained backups.
Report the infection. It is highly recommended that you report ransomware incidents to your local Federal Bureau of Investigation (FBI) field office or to the Internet Crime Complaint Center (IC3).
DO NOT PAY THE RANSOM!!
Let us help you secure your data and secure your future.