5 Steps for Preventing Ransomware
-
Upload
rapidsslonlinecom -
Category
Internet
-
view
85 -
download
1
Transcript of 5 Steps for Preventing Ransomware
Encryption is now used as a weapon, holding companies’ and individuals’
critical data hostage
Internet SecurityThreat ReportVOLUME 21, APRIL 2016
600
500
400
300
200
100
Thousands
Growing Dominance ofCrypto-Ransomware
Percentage of new families of misleading apps, fake security software (Fake AV), locker-ransomware, and crypto-ransomware
Regularly back up files on both the client computers and servers. Either back up the files when the computers are offline or use a system that networked computers and servers can’t write to.
If you don't have dedicated backup software, you can copy important files to a removable media. Be sure to eject and unplug the removable media when you're done.
If you pay the ransom:
● There’s no guarantee that the attacker will supply a method to unlock your computer or decrypt your files.
● The attacker will likely use your ransom money to fund attacks against other users.
Don’t pay the ransom.
New definitions are likely to detect and remediate the ransomlockers.
Symantec Endpoint Protection Manager automatically downloads virus definitions to the client, as long asthe client is managed and connected to theSymantec Endpoint Protection Manager.
Secure them with a password and access control restrictions.
Use read-only access for files on network drives, unless it’s absolutely necessary to have write access for these files. Restricting user permissions limits which files the threats can encrypt.
As with other security products, Symantec Endpoint Protection cannot decrypt the files that ransomlockershave sabotaged.
Attacking exploit kits can’t exploit vulnerabilities that have been patched. Historically, attacks were delivered through phishing and web browsers.
In the future, it’s likely we’ll see more attacks delivered through vulnerable web applications, such as JBOSS, WordPress, and Joomla.
Do this before the ransomware can attack accessible network drives.
Use Symantec EndpointProtection (SEP) Manager
If you can identify the maliciousemail or executable, submit it to
Symantec Security Response: Symantec.com/security_response
These samples enable Symantec to create new signatures and improve
defenses against ransomware.
Submit the malwareto Security Response.
Isolate theinfected computer.
Restore damagedfiles from a knowngood backup.
Protection Against Ransomware
All-Ransomware Crypto-Ransomware Crypto-Ransomware as % of All Ransomware
DECNOVOCTSEPAUGJULJUNMAYMARJAN APRFEB20150%
100%
50%
Steps forpreventingransomware
0%
FakeAV Crypto-RansomwareLockersMisleading Apps
100%
Crypto- Ransomware as Percentage of All Ransomware
Although the chart indicates a steady decline in traditional ransomware in 2015, crypto-ransomware now accounts for the majority of all ransomware.
Pay Ransom PurchaseBack
’07’06’05 ’08 ’09 ’10 ’11 ’12 ’13 ’14 ’15
Back up your computersand servers regularly.
Lock down mappednetwork drives.
IPS blocks some threats that traditional virus definitions alone cannot stop.
SONAR provides real-time protection, using heuristics and reputation data, to detect emerging and unknown threats.
Insight quarantines questionable files that haven’t been proven safe yet by the Symantec customer base.
Deploy and enable all Symantec Endpoint Protection technologies.
Ransomware threats are often spread through spam emails that contain malicious attachments. Scanning inbound emails for threats with a dedicated mail security product or service is critical to keep ransomware and other malware out of your organization.
For more information, see:Symantec.com/connect/articles/support-perspective-w97mdownloader-battle-plan
Use an email securityproduct to handleemail safely.
Download the latestpatches and plug-ins.
How do I remove ransomware?In almost all cases, ransomware encryption can’t be broken. If your client computers get infected with ransomware and
your data is encrypted, follow the steps below.
DOWNLOAD THE FULL REPORT