Intelligent CISO Issue 30 | Page 43

With millions of people working from home, there is an enormous attack surface ripe for the taking by malicious actors.

EXPERT OPINION

email attachments. Ideally, use an advanced EPP/EDR security solution that can enforce a policy to prevent macro execution or block malicious content if it is executed by the user. CDR (Content Disarm and Reconstruction) software can also help protect against exploits and weaponised content in emails and other external sources.

• It is obviously best to prevent the ransomware attack from occurring, as recovery is difficult

What advice would you offer organisations for navigating the prepare, protect, respond and recover stages of an incident?

To address the security challenges, we believe preparation and protection should:
• Support all your existing OSs, including cloud and VDI; attackers are always looking for your weakest link
• Include several types of technologies that can detect in parallel to achieve separate security layers
• Not rely on a person to run it effectively, including threat prevention
• Integrate with other security solutions on your network – able to benefit and provide security data
• Allow visibility of all your assets: a single view of a device is always weaker than a historical view across your network

Unfortunately, there is little one can do to recover files once the system is infected with a ransomware attack, but here are a few tips that can help prevent it from spreading and you from being a victim of a repeat attack. Steps that can be taken when a ransomware attack happens:

1. Alert law officials – They probably won’t be able to help, but as with any ransom activity, they should be informed.
2. Isolate the infected machine – It’s important that the system is taken offline, as they essentially own the machine now and can use it to gain access to other systems on the network.
3. Don’t pay the ransom – As with any form of ransom, one is not guaranteed to get data back and paying could encourage attackers to keep up their lucrative game. In addition, if one pays and actually gets keys once, one may be the target of a repeat (and potentially more costly) ransom attack in the future.
4. Remediate – Run endpoint security software to discover and remove the ransomware software. If it cannot detect the threat, wipe your machine.
5. Restore – Restore your files with the most recent back-up.

How can organisations best improve their endpoint security ?
It’s best if organisations use endpoint security software that protects them against unknown forms of ransomware. One way to do that is through EPP that uses Predictive Execution Inspection Engines that go beyond file-based analysis – even mathematic algorithmic analysis – and observe the actual execution of every system process or thread, in real-time. By understanding the execution behaviours of all applications, programs and processes in real-time, EPP should provide ultimate defence against any type of attack.