Ransomware is presently the biggest threat to organizations globally, and India is no exception. The aim of these attacks is crystal clear: to extort money with fake promises of restoring victims' systems and encrypted data.

In recent times we have received a lot of enquiries from prospects and customers about ransomware attacks. It is therefore important to understand these risks and to know “what to do and how to protect your business from becoming a victim of such attacks”.


Some of the most relevant queries asked by customers:


1. My data is being encrypted by ransomware, what to do now?

Do not pay the ransom!

Paying the ransom may seem like the solution to the attack, but it is a trap to extort money from you. Paying may amount to encouraging and funding these attackers. Even if you pay, there is no guarantee that you will regain access to your files. Paying may actually increase the chances of further attacks.
Remove the infected systems from the network and remove the threat.
Removal is best done when a system is off the network. This prevents further spread of the threat.
Restore any impacted files from a reliable backup. Restoring your data from backup is the easiest, safest, and fastest way to regain access to your data.

2. Can I regain access to my files without restoring from backup?

There is no other option to regain access. With earlier variants, it was possible to search for hidden ransom files and residual copies of private encryption keys in memory or locally. Researching the variant that your organization encountered is always a useful learning exercise, but in most cases these options are not available, as the attackers have upgraded their processes and technology using funds extorted earlier from victims.

3. Can I “brute-force” my way into my encrypted files?

No. Current threats use a 2048-bit RSA encryption key, and at present it is not possible to brute-force the key.


Conclusion:


What can I do to protect myself from ransomware?

1. Install, configure and maintain an endpoint security solution

With a secure working environment for the business as the end result, a multi-faceted network security solution should be installed. This solution should protect against more than file-based threats: it should also include browsing and download protection, heuristic technologies and a capable firewall.
Use the latest updated antivirus (IOTAP is a leading partner to leading antivirus solution providers such as McAfee, Symantec, Quick Heal etc.).

2. Office 365

Use OneDrive to sync your data to the cloud. If your data is encrypted, you can go back to an old version (OneDrive maintains versions of files when they are changed) and get back your data.

3. Backup and Data Recovery Solutions

Use backups to get back your data. IOTAP can offer you an Azure backup solution. We have a number of other backup solutions as well to make your data recovery smooth and effortless.