Dealing with the aftermath of a ransomware attack is like playing Russian roulette. Paying the ransom might seem like the only way to recover locked data. But paying doesn’t mean that your organization will get its affected data back.

Let’s not forget that ransomware also continues to evolve as a threat category. In late November 2019, crypto-malware gangs like Maze and DoppelPaymer began stealing victims’ data before activating their encryption routines and then publishing the information of non-compliant victims on dedicated data leak sites. These malicious actors resorted to this technique as a way to bypass data backups and to compel organizations to pay—sometimes twice—so that they’d avoid the costs associated with suffering a data breach.

This is precisely why detecting a ransomware attack that’s in progress is not enough. You need to focus on preventing a ransomware infection in the first place. You can do so by following the security measures listed below.

  1. Inventory your assets.

In order to protect yourself against a ransomware infection, you first need to know what hardware and software assets are connected to the network. Active discovery can help, but it will not uncover assets deployed by personnel from other departments. Acknowledging this shortcoming, you should embrace passive discovery as a means of building a comprehensive asset inventory as well as keeping that list of connected hardware and software up to date.

  2. Personalize your anti-spam settings the right way.

Most ransomware variants are known to spread via eye-catching emails that contain malicious attachments. Some of these attachments might be Word documents or other file formats that are commonly used in your organization. But some might arrive in a format that’s rarely if ever used. You can therefore configure your webmail server to block those attachments. (File extensions like .EXE, .VBS or .
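
The attachment-blocking rule described above, sketched as an added example that is not from the original article or any mail product: it parses a message and lists the attachments whose final extension is on a blocklist, normalizing case, double extensions and trailing dots. The function names, the sample message and its addresses are constructed, and the blocklist holds only the two extensions the article names.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Only the extensions the article names; extend this set (assumption) with
# formats your organization never legitimately exchanges by mail.
BLOCKED_EXTENSIONS = {".exe", ".vbs"}


def final_extension(filename: str) -> str:
    """Return the effective extension, lower-cased, or '' if there is none."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still opens as
    # an executable; strip them before looking at the suffix.
    cleaned = filename.strip().rstrip(". ").lower()
    _, dot, ext = cleaned.rpartition(".")
    return "." + ext if dot else ""


def blocked_attachments(raw_message: bytes, blocked=BLOCKED_EXTENSIONS):
    """Return the filenames of all MIME parts that the filter should reject."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():          # walk() also descends into nested parts
        name = part.get_filename()   # None for bodies and containers
        if name and final_extension(name) in blocked:
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed test message with one benign and two blocked attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "staff@example.org"
    msg["Subject"] = "Outstanding invoice"
    msg.set_content("Please see the attached files.")
    for name in ("report.pdf", "Invoice.PDF.EXE", "notes.vbs."):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("reject:", name)
```

Matching on the filename alone does not inspect file content, so a filter like this complements rather than replaces content scanning at the gateway.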