Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

5 Steps for Preventing Ransomware

128 views

Published on

Symantec Advice's for Preventing Ransomware Attacks.

Published in: Internet
  • Be the first to comment

  • Be the first to like this

5 Steps for Preventing Ransomware

  1. 1. Encryption is now used as a weapon, holding companies’ and individuals’ critical data hostage Internet Security Threat Report VOLUME 21, APRIL 2016 600 500 400 300 200 100 Thousands Growing Dominance of Crypto-Ransomware Percentage of new families of misleading apps, fake security software (Fake AV), locker-ransomware, and crypto-ransomware Regularly back up files on both the client computers and servers. Either back up the files when the computers are offline or use a system that networked computers and servers can’t write to. If you don't have dedicated backup software, you can copy important files to a removable media. Be sure to eject and unplug the removable media when you're done. If you pay the ransom: ● There’s no guarantee that the attacker will supply a method to unlock your computer or decrypt your files. ● The attacker will likely use your ransom money to fund attacks against other users. Don’t pay the ransom. New definitions are likely to detect and remediate the ransomlockers. Symantec Endpoint Protection Manager automatically downloads virus definitions to the client, as long as the client is managed and connected to the Symantec Endpoint Protection Manager. Secure them with a password and access control restrictions. Use read-only access for files on network drives, unless it’s absolutely necessary to have write access for these files. Restricting user permissions limits which files the threats can encrypt. As with other security products, Symantec Endpoint Protection cannot decrypt the files that ransomlockers have sabotaged. Attacking exploit kits can’t exploit vulnerabilities that have been patched. Historically, attacks were delivered through phishing and web browsers. In the future, it’s likely we’ll see more attacks delivered through vulnerable web applications, such as JBOSS, WordPress, and Joomla. Do this before the ransomware can attack accessible network drives. Use Symantec Endpoint Protection (SEP) Manager If you can identify the malicious email or executable, submit it to Symantec Security Response: Symantec.com/security_response These samples enable Symantec to create new signatures and improve defenses against ransomware. Submit the malware to Security Response. Isolate the infected computer. Restore damaged files from a known good backup. Protection Against Ransomware All-Ransomware Crypto-Ransomware Crypto-Ransomware as % of All Ransomware DECNOVOCTSEPAUGJULJUNMAYMARJAN APRFEB2015 0% 100% 50% Steps for preventing ransomware 0% FakeAV Crypto-RansomwareLockersMisleading Apps 100% Crypto- Ransomware as Percentage of All Ransomware Although the chart indicates a steady decline in traditional ransomware in 2015, crypto-ransomware now accounts for the majority of all ransomware. Pay Ransom PurchaseBack ’07’06’05 ’08 ’09 ’10 ’11 ’12 ’13 ’14 ’15 Back up your computers and servers regularly. Lock down mapped network drives. IPS blocks some threats that traditional virus definitions alone cannot stop. SONAR provides real-time protection, using heuristics and reputation data, to detect emerging and unknown threats. Insight quarantines questionable files that haven’t been proven safe yet by the Symantec customer base. Deploy and enable all Symantec Endpoint Protection technologies. Ransomware threats are often spread through spam emails that contain malicious attachments. Scanning inbound emails for threats with a dedicated mail security product or service is critical to keep ransomware and other malware out of your organization. For more information, see: Symantec.com/connect/articles/support- perspective-w97mdownloader-battle-plan Use an email security product to handle email safely. Download the latest patches and plug-ins. How do I remove ransomware? In almost all cases, ransomware encryption can’t be broken. If your client computers get infected with ransomware and your data is encrypted, follow the steps below. DOWNLOAD THE FULL REPORT

×