Detecting and responding to ransomware

Ransomware is the current bane of security experts and businesses alike. Infection rates over the last year and a half have increased dramatically. Unfortunately, the majority of businesses are unaware of the risks or how easy it is to become infected. As an example, there have been instances where adverts on well-known, reputable websites have redirected to ransomware, causing immediate infection on unprotected computers.

At this point, there are more than 124 separate variants of ransomware. More common strains are various versions of Locky and Cryptolocker. Ransomware is now at the forefront of malware innovation, with virulent strains of ransomware able to operate only in the memory of a computer, leaving no trace on the computer's file system. This makes it increasingly difficult for security specialists, software, and developers to prevent attacks.

Here are some tips which you can use in case one of your computers becomes infected:

  • Try and detect the infection as soon as possible. It takes time for ransomware to encrypt files and if it is found in the early stages of infection then the damage can be more easily rectified.
  • Use some software to detect ransomware. At Datcom we have written an application which reports back to our Network Operations Centre if there is a possibility of infection, and also indicates the user who might be infected.
  • Identify the computer which is causing the infection and disconnect the Ethernet cable or switch off the Wi-Fi. If you are unsure, turn off the computer too.
  • Train your team to respond if they receive a ransomware pop-up (it is surprising how many people will close the infection alert and not notify anyone, losing valuable minutes or hours.)
  • Switch off folder sharing on the server in case the virus has spread to more than one computer.
Once the infection has stopped spreading and it has been confirmed that no other computers are infected, it is time to start restoring data from your backup (using your Disaster Recovery plan.) If you do not have a DR plan, are unsure if you have a backup, or have never performed a test restore, it is time to contact Datcom.

Get in touch

Call us on 0333 000 3210 or Email us solutions@datcom.co.uk

Latest news...

Adobe Flash End Of Support

Adobe Flash Player will reach end of support on 31st December 2020, at which point Adobe will no longer update or distribute Flash Player and all major browsers will not allow Flash Player plugins.

Read More

End Of Long Life Certs

Apple are changing the validity check for TLS certificates from the 1st September 2020, this will affect all renewals after this point in time.

Read More

Securing Data in Microsoft Teams

With a large spotlight being shined on the technologies being used for working from home, we have taken this opportunity to talk about securing Microsoft Teams and best practice surrounding the data held within.

Read More