Motivation: Making the Systems Engineers life easier.

Ransomware Attack


Ransomware Attack

Ransomware Attackers Demands Bitcoin To Unlock The Data

The threat of ransomware attacks and data theft is becoming more prevalent across the globe by the day. Hackers target the big giants and demand a large quantity of money to decrypt their data.

Ransomware has become the biggest problem for enterprises and organizations across the globe. Through ransomware attacks, a hacker infects a company’s computer through malicious software. All the files and data of the computer and the network gets locked and the hacker gain the access to it. The compute screen displays messages demanding a fee to be paid in order to work again.

Usually when the attacks happens IT Team notices the failure of services and notices that the servers and client machines are being encrypted.

“In a normal behavior IT Team thinks it could be a hardware failure but later it shows that the problem is not related to hardware.  

Usually the attack is not just happens in a day or two, the hacker hacks the environment, sits in the environment for few days and tries to gain access to all the servers and workstations under the hackers reach and upon one day early morning everything start to stop working.

“Because of such attacks, giant companies suffer with huge losses apart from risk of misuse or loss of the valuable and confidential data”.

This type of malware is a fraudulent money-making scheme that can be installed by deceptive links in an email, instant message, or website. It can lock a computer screen or encrypt crucial, predefined files with a password.

Ransomware attacks are the biggest worry for organizations around the world. Despite the attack troubling big corporations for a couple of years, there is no full-proof solution to guard against such a sophisticated attack.
The following should be applied at a minimal level to mitigate such risks:
  • Periodic backup of data to be taken. If data is critical, it must be backed up daily. Alternately, weekly full backup with daily incremental backup; In case of any ransomware attack, the previous clean backup must be restored. The data should be backed up across multiple locations (Eg: Tape Bakcups, Off-site backups, Cloud (Azure/AWS) etc..)
  • Secure network architecture by putting the database in a secure zone behind DMZ.
  • Implementation of IPS/IDS/hardening of firewall with all logs on.
  • Having the latest licensed Anti-Malware with scanning of each and every mail and data item.
  • Blocking all USB ports except desired ones.
  • Blocking all not required services/ports.
  • Regular patching for Servers, Workstations and Business Applications
  • Creating awareness amongst users to
    • Identify phishing/spam/ malicious mail.
    • Not to use pen drives/other-media to copy data/programs.
    • Not to visit undesirable websites.
    • Incident reporting.
    • Cyber hygiene.
  • Defining risk mitigation for malware/ransomware in Business Continuity Plan (BCP) and regular drill.
  • In a critical data center, monitor all data traffic using Security Operations Center (SOC).


Leave your thought here

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.