How does a ransomware infection occur?
- Email messages that carry downloader trojans, which attempt to install ransomware
- Websites hosting exploit kits that attempt use vulnerabilities in web browsers and other software to install ransomware
More recent ransomware have worm-like capabilities that enable them to spread to other computers in the network. For instance, Spora drops ransomware copies in network shares.
- Keep clear inventories of all of your digital assets and their locations, so cyber criminals do not attack a system you are unaware of.
- Keep all software up to date, including operating systems and applications.
- Back up all information every day, including information on employee devices, so you can restore encrypted data if attacked.
- Back up all information to a secure, offsite location.
- Segment your network: Don't place all data on one file share accessed by everyone in the company.
- Train staff on cyber security practices, emphasizing not opening attachments or links from unknown sources.
- Develop a communication strategy to inform employees if a virus reaches the company network.
- Before an attack happens, work with your board to determine if your company will plan to pay a ransom or launch an investigation.
- Perform a threat analysis in communication with vendors to go over the cyber security throughout the lifecycle of a particular device or application.
- Instruct information security teams to perform penetration testing to find any vulnerabilities.