Three Phases of Ransomware
By this point, your organization should be well educated on the threat of ransomware. New strains are still being introduced almost weekly, and countless victims are getting infected and facing the decision: to pay or not to pay. A few times a week, I google ransomware just to keep up on the latest strains that have been introduced and to read about some of the organizations that have been infected and how they chose to resolve the issue. Will the news articles ever slow down? The best way to defend your organization against the threat of ransomware is to break it down into manageable parts.
3 phases of ransomware:
- Delivery. This is the point at which the ransomware enters your network. Because ransomware is repackaged frequently to evade signature-based detection, your organization needs to be equipped with Advanced Threat Protection (ATP) that can catch it at this stage rather than after it has run. An ATP solution gathers threat intelligence from other organizations and quickly processes this information to determine the threat across the delivery vectors it covers, including email, web, network, and application.
- Infection. This is the phase where the ransomware actually executes inside the network. Often the delivery phase is a mask for the infection: a common technique is impersonation, where the attacker poses as an individual you are already familiar with, so the message is constructed to appear inconspicuous to the untrained eye. The payload is embedded in an attachment (for example, a document carrying a malicious macro) or sits behind a link; once the victim opens it, the dropper runs and the ransomware is executed. In other words, impersonation delivers the malware, the attachment detonates it, and the ransomware then encrypts the user's files. Some strains also copy themselves to network shares and other reachable hosts in search of more victims, exposing you and potentially others.
- Recovery. If you get to this phase, it means you were infected. This phase is where you stop the ransomware attack (isolate the affected machines from the network so that encryption and spreading stop), remove it from the network, check for any additional malware that may enable further infection, and verify that the endpoint antivirus is up to date and functioning. Once you have cleaned and shored up the network, you will need to recover your files from your backup tool. Two caveats apply here. First, any backup that was reachable from the infected machine (a mapped drive, an always-connected USB disk, a synced folder) may have been encrypted along with everything else, so keep at least one copy offline or otherwise write-protected. Second, your network and endpoint protection has to be up to date and working properly, so that you are not restoring any infected files. The post-infection phase will be different for every organization, but it should always include testing and evaluating the process to identify the changes that will better protect you in the future.
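The impersonation described in the Delivery and Infection phases leaves fingerprints that a mail gateway or a SOC script can check before a user ever opens the attachment: a familiar display name on an outside address, a Reply-To pointing somewhere else, a lookalike of your own domain, and an attachment type that commonly wraps a dropper. The following triage script is an added example written for this article, not 2W Tech's code or any product's logic; the trusted domain (example.com), the two-name employee directory, the homoglyph table and the three sample messages are all constructed assumptions.

```python
"""Triage inbound mail for display-name impersonation and risky attachments.

Added example, not 2W Tech's code. The trusted domain, the employee
directory and the sample messages are constructed for illustration.
"""
import re
from email.utils import parseaddr

TRUSTED_DOMAIN = "example.com"                        # assumption: the organization's own mail domain
INTERNAL_DISPLAY_NAMES = {"Jane Doe", "Pat Smith"}    # assumption: a tiny stand-in for the directory

# Attachment types that routinely carry macro droppers, scripts, or archives of them.
RISKY_ATTACHMENT_EXT = {".docm", ".xlsm", ".js", ".vbs", ".hta", ".lnk", ".zip", ".iso"}

# Character substitutions commonly used to register lookalike domains.
_HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def _normalize_name(name):
    return re.sub(r"\s+", " ", name).strip().casefold()


def _domain_of(addr):
    return addr.rsplit("@", 1)[1].casefold() if "@" in addr else ""


def _skeleton(domain):
    """Collapse common homoglyphs so 'exarnple.com' and 'examp1e.com' read as 'example.com'."""
    s = domain.casefold()
    for glyph, replacement in _HOMOGLYPHS:
        s = s.replace(glyph, replacement)
    return s


def is_lookalike(domain, trusted):
    return domain != trusted and _skeleton(domain) == _skeleton(trusted)


def assess_message(from_header, reply_to, attachments):
    """Return the reasons a message looks like an impersonation attempt (empty list if none)."""
    reasons = []
    display, addr = parseaddr(from_header)
    domain = _domain_of(addr)
    internal_names = {_normalize_name(n) for n in INTERNAL_DISPLAY_NAMES}

    # 1. A familiar display name on a sender address outside the trusted domain.
    if _normalize_name(display) in internal_names and domain != TRUSTED_DOMAIN:
        reasons.append("display name matches an internal employee but sender domain is %r" % domain)

    # 2. A Reply-To that silently redirects replies to a third domain.
    if reply_to:
        rt_domain = _domain_of(parseaddr(reply_to)[1])
        if rt_domain and rt_domain != domain:
            reasons.append("Reply-To domain %r differs from From domain %r" % (rt_domain, domain))

    # 3. A registered lookalike of the organization's own domain.
    if domain and is_lookalike(domain, TRUSTED_DOMAIN):
        reasons.append("sender domain %r is a lookalike of %r" % (domain, TRUSTED_DOMAIN))

    # 4. Attachment types that are executable or commonly wrap a dropper.
    for name in attachments:
        ext = name[name.rfind("."):].casefold() if "." in name else ""
        if ext in RISKY_ATTACHMENT_EXT:
            reasons.append("risky attachment type %s (%s)" % (ext, name))
    return reasons


# Constructed sample messages: one legitimate, two impersonation attempts.
SAMPLE_MESSAGES = [
    {"from": "Jane Doe <jane.doe@example.com>", "reply_to": None, "attachments": ["Q3-report.pdf"]},
    {"from": "Jane Doe <jane.doe.ceo@gmail.com>", "reply_to": None, "attachments": ["Invoice_4421.docm"]},
    {"from": "Pat Smith <pat.smith@exarnple.com>", "reply_to": "billing@mail-relay.net", "attachments": ["scan.zip"]},
]


def triage(messages):
    """Return (index, reasons) for every message that trips at least one rule."""
    flagged = []
    for i, m in enumerate(messages):
        reasons = assess_message(m["from"], m["reply_to"], m["attachments"])
        if reasons:
            flagged.append((i, reasons))
    return flagged


if __name__ == "__main__":
    for idx, reasons in triage(SAMPLE_MESSAGES):
        print("message %d: %s" % (idx, "; ".join(reasons)))
```

Run as a script it flags messages 1 and 2 and leaves the genuine internal mail alone. These header checks complement, and do not replace, SPF, DKIM and DMARC enforcement on the gateway: they catch the case where the attacker uses a real external mailbox and only the display name is borrowed, which authentication checks pass by design.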
A successful ransomware attack causes downtime, frustrates users, and results in lost productivity, lost business, and much more. The best you can hope for after a ransomware attack is that you were prepared with the correct tools to make cleaning up and restoring from backups easy, and that all your files are intact. The speed at which you can recover is just as important as restoring all of your files, so do not make the common mistake of relying on a backup solution alone. You will need more tools, or one ransomware attack could become a fatal blow for your business. 2W Tech has IT Consultants on staff who specialize in backup and disaster recovery solutions and preparation. Ask us about our total protection coverage and give your organization some peace of mind against malware and ransomware attacks.
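The Recovery phase above hinges on one question: which files are safe to put back, and which were encrypted or planted by the ransomware? A cheap way to answer it is a hash manifest of the protected data taken while it was known good and stored where the protected machines cannot write. The script below, an added example that is not 2W Tech's code or any backup product's logic, builds such a manifest, then compares a tree against it and singles out changed or new files whose byte entropy looks like ciphertext and files whose names look like ransom notes. The directory layout, file contents, the simulated damage (one file replaced by random bytes under a .locked extension plus a note), the 7.5 bits/byte threshold and the ransom-note name fragments are all constructed assumptions.

```python
"""Check a restored file tree against a hash manifest taken while the data was known good.

Added example, not 2W Tech's code. The directory layout, file contents and
the simulated ransomware damage below are constructed for illustration.
"""
import hashlib
import math
import os
import shutil
import tempfile

# Assumption: typical ransom-note filename fragments; tune to the strains you see.
RANSOM_NOTE_HINTS = ("readme", "decrypt", "recover", "how_to")
ENCRYPTED_ENTROPY = 7.5   # assumption: ciphertext approaches 8.0 bits/byte; documents sit far lower


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data):
    """Bits per byte: close to 8.0 for encrypted or compressed data, low for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_manifest(root):
    """Map every file under root (relative, '/'-separated) to its SHA-256 digest.

    Keep the result somewhere the protected machines cannot write, otherwise an
    attacker who encrypts the data can rewrite the manifest to match.
    """
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_restore(root, manifest):
    """Classify the files in a tree against the known-good manifest."""
    current = build_manifest(root)
    result = {"ok": [], "modified": [], "missing": [], "unexpected": [],
              "encrypted_like": [], "ransom_notes": []}
    for rel, digest in manifest.items():
        if rel not in current:
            result["missing"].append(rel)
        elif current[rel] != digest:
            result["modified"].append(rel)
        else:
            result["ok"].append(rel)
    for rel in current:
        if rel not in manifest:
            result["unexpected"].append(rel)
    # Anything changed or new is suspect: high entropy suggests ciphertext,
    # a telltale filename suggests the ransom note.
    for rel in result["modified"] + result["unexpected"]:
        with open(os.path.join(root, rel), "rb") as f:
            sample = f.read(65536)
        if shannon_entropy(sample) > ENCRYPTED_ENTROPY:
            result["encrypted_like"].append(rel)
        base = os.path.basename(rel).casefold()
        if any(hint in base for hint in RANSOM_NOTE_HINTS):
            result["ransom_notes"].append(rel)
    return {k: sorted(v) for k, v in result.items()}


def simulate_incident():
    """Constructed scenario: take a manifest, apply ransomware-style damage, verify."""
    root = tempfile.mkdtemp(prefix="restore-check-")
    try:
        os.makedirs(os.path.join(root, "finance"))
        with open(os.path.join(root, "finance", "ledger.csv"), "w") as f:
            f.write("date,amount\n2024-01-01,100\n" * 50)
        with open(os.path.join(root, "notes.txt"), "w") as f:
            f.write("quarterly planning notes\n" * 20)
        manifest = build_manifest(root)          # taken while the data was known good

        # Damage: original replaced by random bytes under a new extension, note dropped.
        victim = os.path.join(root, "finance", "ledger.csv")
        os.remove(victim)
        with open(victim + ".locked", "wb") as f:
            f.write(os.urandom(4096))
        with open(os.path.join(root, "README_DECRYPT.txt"), "w") as f:
            f.write("Your files have been encrypted.\n")
        return verify_restore(root, manifest)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for category, files in simulate_incident().items():
        print("%-15s %s" % (category, ", ".join(files) or "-"))
```

Only the files in the "ok" bucket are trustworthy as they stand; "missing" and "modified" entries are what you pull from the offline backup, and "encrypted_like" and "ransom_notes" are the residue to delete and to hand to incident response. Running the same verification against the backup set itself, before restoring, is how you find out whether the backup was reachable by the ransomware and got encrypted too.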