Have You Ever Been Victim of a Ransomware Attack?
Have You Ever Been Victim of a Ransomware Attack?
Ramsonware attacks have become very popular for the last few years, like the recent one WannaCry. That's the reason why it is essential to always have the latest updates and know how to proceed in case of suffering one.
A couple of months ago in Spain everyone found out about the case of SEPE (National Public Service for Employment), who were forced to suspend all their activities in Spain due to a cyberattack, particularly by a ransomware, a type of virus that holds your data in exchange for a ransom. In this case, it was a sensitive case due to the amount of data that the SEPE manages. Along these weeks, we also saw other organizations affected, such as The Phone House, the University of Castilla la Mancha, the INE (National Institute for Statistics), or the Ministry of Employment and Social Economy that suffered last Wednesday an attack of a similar nature, according to reports by the very ministry in their official Twitter account.
To react in the best possible way, first it is important to have a clear idea of the kind of attack we're suffering. In this particulare case, a ransomware attack consists of a type of program that gets into the system, encrypts data and asks for a ransom in exchange of the key to uncript them.
One of the most important aspects is having an propriate Backup policy, with control over the stored copies, fast deployment and recovery capacity. This will allow you to easily be a step ahead when you suffer this kind of incident.
These attacks have been very popular during the last decade, some of the as popular as the recent WannaCry that affected important companies both in Spain as well as internationally. Now in the current working situation, where many employees are working from home, the risks have increased due to, among many things, external connections, files out of the company's control, applications, etc. While it is true that we usually have antimalware solutions, many times these don't detect all threats.
uCybersecurity Full 24/7/365 custom security at reach
Data, systems and applications protected and controlled
What to do if you experience a ransomware
In the face of such an attach, Uniway's cybersecurity expert advises to follow a series of steps.
“We know this type of event can entail disastrous consecuences. For starters, we recommend to stay calm and keep a cool head, gather those responsible for the affected areas of your organization to start managing the incident as quickly as possible. When dealing with this type of attacks, every second matters. Afterwards to begin the whole investigation, it is necessary to answer lots of different questions: how did it happen?, where did it happen? why did it happen?, what was the computer where everything got started? etc.
By having that sort of information in your hands, with the experience and the tools experts in cybersecurity have, it is time to identify the affected computers and isolate them immediately from the network. That means leaving them with no conection to the Internet, so that the ransomware cannot spread anymore. Then you need to clone the computers to send them to the forensic team so that they proceed with the investigation and meanwhile report the incident to the authorities of your country.
Finally proceed to disinfect the infected computers, change passwords, restore backup copies, etc. All of this in order to make computers as they were before the attack and don't forget to document the whole unfortunate event to learn from it and prevent it from happening again.”
These might interest you...
