While the frenzy over recent ransomware attacks like WannaCry, NotPetya, and SyncCrypt has died down, we do not see a decrease in the overall number of ransomware and phishing attacks. Spear-phishing, in particular, remains a constant threat affecting even the smallest organizations. Cyberattackers are becoming increasingly sophisticated in their approaches, using public sources of information to build attacks that are difficult for companies to detect. Ransomware and phishing attacks are linked; in many cases a phishing or spear-phishing email is used to deliver the ransomware.
The current threat landscape requires two approaches to defense: a human-centric approach that relies on people and process and the second is a technology-centric approach.
Human-centric Security Defense
- Know your data
- Identify your risks
- Educate your people
- Use alternatives to email (Intranets, encrypted FTP, etc.) for sharing sensitive information
- Set processes for confirming the legitimacy of requests for sensitive data
Technology-centric Security Defense
- Spam Protection
- Email Authentication Protocols
- Edge Protection
- Filtering Appliances
- Endpoint Protection
- Web Shield
- Best Practice Processes and tools for industry-specific Security Compliance
If you believe you have been the victim of a ransomware or phishing attack, take the following action:
Disconnect Affected Devices
If you believe you might be a victim of ransomware, disconnect the affected devices from the network. After encrypting data on one device, ransomware will continue to search the network for a vulnerable machine to attack.
Preserve the Evidence
Do not immediately delete the phishing emails that were used to gain access to your system or rebuild the affected devices. Keep as much evidence as possible, so the perpetrators can be investigated and prosecuted.
Call Greystone – 303.757.0779
We will help you recover files and devices encrypted by ransomware and help you determine when, and if, to contact law enforcement.