10 tips to mitigate ransomware

May 26, 2020 07:39 · 1286 words · 7 minute read

Good morning, ladies and gentlemen. My name zones Balsa from Proxima Information Technology Solutions. Today we talk about ransomware. Ransomware is a type of malware that encrypts systems and eventually renders your system unusable. Once the system has been encrypted, the threat actor will contact you to pay a ransom for the release of the files or to give you the there are no crypto. In 2018 the number of global ransomware attacks reached around 204 million. It’s considered to be one of the most pressing cyber security issues worldwide right now. So if you think about what the cost would be for a business: well, there’s obviously a reputational cost. There’s the cost of trying to recover from the situation, so staff time, your business’s time, third-party costs.

01:02 - And there is also downtime, and then there’s also the cost to consider, the cost to your customers. So how do ransomware attacks happen? It’s via various mechanisms, but some of the common ones make it through an email campaign: a malicious email is sent through to a user, the user follows a link through to a browser, which downloads the malicious payload, and that payload eventually starts encrypting your files or attacking some software on your system. Some types of ransomware also run long enough in your system that your backups will keep on backing up encrypted files until that actually still use auto-rotating it now obviously, so when you’re trying to recover you basically just recover encrypted files. And then the final step of all of this is basically that you will get notified, and normally it happens through some alert that pops up on your screen saying that your files have all been encrypted and you must pay a ransom. It’s normally through some electronic form, like Bitcoin, to decrypt your files or recover your files.

02:25 - The best mechanism, the best offence, to do this is taking preventative actions. When looking at preventive actions there are always multiple lenses to look through: there’s people, process and technology. You need a sort of layered approach. So let’s start off with people. First and foremost, it’s crucial that you do user awareness, security awareness training, so, you know, educate users about the risk of malware, about the risk of ransomware: how it gets delivered, how do you spot it through the emails, be cautious about clicking on certain links. From a technical perspective the process of ACC is helping people communicate when they are suspicious with regards to the emails or links, for that matter. What process should they follow if they’re unsure? Who do they contact? You know, this is where we need an IT and security team that is known to be collaborative with your staff, so the people feel free that they can come and have a conversation.

03:44 - From a technology perspective there’s a whole host of steps that should be taken, so things like spam filters. You know, they stop the spam in the mail system before it even reaches the users. You’re not going to have a hundred percent hit rate, but you can seriously reduce the amount of spam that people receive. The other thing is employing good security measures on your email system, things like SPF, DMARC and DKIM. SPF is Sender Policy Framework, DMARC is Domain Message Authentication Reporting and Confirmation, and DKIM is domain key identification, to prevent email spoofing.

04:33 - We’re not going to go into details of these; we’ll probably do some shows in the future to talk about these. Then there is also blocking access to malicious websites, and this is where a good firewall with some form of IPS, intrusion prevention system, comes into play. A lot of them, the more advanced ones, have a website filtering system, so it will dynamically block malicious websites. There’s no way that you can come and log on to a firewall to block all malicious websites, because these websites can be spun up and spun down within hours, so, you know, you need a global system that actually tracks these things and automatically updates the firewall. They aren’t as cost-prohibitive as people tend to think, so it’s well worth investing in that. Patch operating systems; on top of that, malware normally attacks vulnerable software, so, you know, patching operating systems is absolutely key.

05:40 - Set anti-malware and antivirus applications to scan systems regularly, especially for critical systems, so some of your main servers, or the endpoints as well. Follow least privilege practice, especially for privileged accounts. What does that mean? Basically, only give a person access to what they need to do their job. We see a lot in organisations where people do the daily processes using admin accounts. You know, even admins should be using a normal account to do their normal operations, but only using admin accounts to perform their admin-type roles. Enable application whitelisting; this is another key. Application whitelisting is effectively where your systems are configured so that you can only install, or you whitelist, certain applications, so things like Word, Excel, that sort of stuff. There’s different ways to attack this, but effectively it limits.

06:48 - That’s the type of applications that can be installed, so, you know, even if a user must install something which isn’t necessarily to the best interest of the business, they get blocked, but it also means that if there is a process trying to install an application, that gets blocked as well. And finally, there’s a lot more, but this is the final one we’re going to cover: back up systems regularly and test backups on a regular basis. We already touched on why this is critical. The testing part is where a lot of organisations fall short. So, what should you do if you get ransomware? Now, all these steps actually come as recommendations from the FBI. The first thing they say is isolate the system from the rest of the network. You know, that’s obviously what was the acoustic, because you obviously don’t want the malware or the encryption to start moving laterally through the organisation, so immediately disconnect your wired connection.

07:43 - Disconnect all your wireless connections. The other thing is, if you want to be dead certain, obviously disconnect the power, shut the system down. The downside of that is that you could actually be destroying evidence if you’re going to go down that path. Actual lights backups, test that they don’t contain the malware, and obviously try to restore the system. At least get the critical part of the business back up and running as soon as possible. Contact your law enforcement. They will be able to suggest your next best steps, especially specific to your region.

08:23 - And then the other thing that we highly recommend is starting to change transfer passwords, so admin passwords, domain passwords. Hopefully all of this makes sense. If you need any assistance with any of this, please feel free to reach out to us. If you’ve got any questions, feel free to reach out to us either via the website, or just give us a call. This is her smell so from Proxima Information Technology Solutions.