Ransomware has hit hundreds of thousands of businesses worldwide, especially small businesses, which never expected to be hit by such a serious virus threat.
For those still getting to grips with ransomware: it is a type of malware that encrypts the entire system, after which the attacker demands payment in Bitcoin for decryption. Unfortunately, even if the payment is made, the chance of data recovery is less than 30%-40%. Hence, most organizations are at serious risk of losing data and jeopardizing operations.
Here are some Do’s and Don’ts to protect systems from Ransomware or another malware attack.
– Keep the OS up to date
– Try to avoid using web-based email (like Yahoo, Gmail, etc.) for the time being
– If you notice any suspicious system behavior, report it to your admin immediately and disconnect the LAN/Internet cable or Wi-Fi
– Don’t open attachments unless they are expected and come from a known and trusted source
– Don’t execute software that is downloaded from the internet (if such actions are permitted) unless from a trusted source or the download has been scanned for malware
– Be cautious when clicking on URLs in emails or social media programs, even when they come from trusted sources and friends
– Carefully analyze the messages or alerts you receive before taking any action. Ignore irrelevant messages
– If Windows users see a warning indicating that they are “infected” after clicking on a URL or using a search engine (indicative of fake virus infections), it is better to close or quit the browser using Alt-F4, CTRL+W or Task Manager, and then inform the IT Department
– Minimize downloads
– Use strong passwords
– Do not enable macros in Office documents, and watch out for warnings and alerts
The next steps have to be taken by the IT teams, as these involve the Database Server and the Application Server. The two should be separated, and the IP address shouldn’t be given to the Database Server. They should be insulated by a firewall.
Special care needs to be taken while creating backups. A device that is not attached to any network (like an external hard disk) should be used for this. The backup also needs to be taken on two different devices (like external HDDs), and both devices should be scanned for viruses on a regular basis so that the data is secure and can be restored. If the backup files are being zipped, they need to be password protected. Most importantly, the folder where the backups are stored should not be given a conventional name like ‘Backup’.
Even after all the requisite measures have been taken, the server might still get attacked. In that case, the server needs to be removed from the network with immediate effect.
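One way an IT team might check the backup rules above (two copies on different devices, no folder named ‘Backup’, password-protected zips, copies that still match the original) before relying on them. This is an added Python example, not part of the original article; the function names and the device_of hook are assumptions made for illustration:

```python
import hashlib
import os
import zipfile
from pathlib import Path


def sha256(path):
    """Hash a file in chunks so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def unprotected_zip(path):
    """True if path is a zip in which any file member lacks the encryption flag."""
    if not zipfile.is_zipfile(path):
        return False
    with zipfile.ZipFile(path) as zf:
        # Bit 0 of the general-purpose flags marks a password-encrypted member.
        return any(not (i.flag_bits & 0x1)
                   for i in zf.infolist() if not i.is_dir())


def audit_backup(source, copies, device_of=lambda p: os.stat(p).st_dev):
    """Return a list of findings; an empty list means every check passed.

    device_of is a hypothetical hook (default: filesystem device id) so the
    "two different devices" rule can be adapted to how drives are mounted.
    """
    findings = []
    copies = [Path(c) for c in copies]
    if len(copies) < 2:
        findings.append("fewer than two backup copies")
    if len({device_of(c) for c in copies}) < len(copies):
        findings.append("copies share a device")
    want = sha256(source)
    for c in copies:
        if "backup" in c.parent.name.lower():
            findings.append(f"{c}: folder has a conventional name")
        if sha256(c) != want:
            findings.append(f"{c}: differs from source, restore would fail")
        if unprotected_zip(c):
            findings.append(f"{c}: zip is not password protected")
    return findings
```

The encryption flag only shows that a password was set on the archive; it says nothing about how strong the password or the zip encryption scheme is.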
About the Author
Mr. Sanjay Agarwala is the Co-Founder and Managing Director of Eastern Software Systems Pvt. Ltd. Among other things, he is considered an authority on “Doing Business in Africa” and has spoken extensively on the subject at various industry seminars over the years. He is on the Executive Committee of India’s Software Export Promotion Council. Prior to founding ESS, he worked in technology as well as other industry domains. He is an alumnus of the Indian Institute of Management, Ahmedabad. In his leisure time, Mr. Agarwala loves reading and is also an avid gardener.