ابدأ بالتواصل مع الأشخاص وتبادل معارفك المهنية

أنشئ حسابًا أو سجّل الدخول للانضمام إلى مجتمعك المهني.

متابعة

How can you control ransomware virus in your network?

user-image
تم إضافة السؤال من قبل A.B.M. Kamrul Ahasan Majumder , Manager(Head of IT network & Information security) , Bangla Trac Ltd.(Bangla Cat)
تاريخ النشر: 2016/08/20
mohamed hany mohamed essam saad
من قبل mohamed hany mohamed essam saad , Network administrator , Al Ahram newspaper

make sure u got a good antivirus product which use remote administration kit to force running it , a good policy applied to the end user desktops and to be more secure block users from using removable media such as usb flash hard drives dvd cd thats all i guess.

Omid Raghimi
من قبل Omid Raghimi , Senior Cyber Security Engineer - Incident Response (DFIR) , Lloyds Banking Group

Its been a while from the time that this question has been raised, but I think the question is more targeted to "how to control in" as suppose to "prevent" it. In terms of controlling the Ransomware the main aim would be to avoid lateral movement of the infection and throughout the network. in this case Incident Response (IR) and BlueTeam plays a vital role Simply:

 

  • Identification
  • Containment
  • Eradication and Recovery

phases of an IR team. Basically the vector delivering a ransomware is mostly Email using different techniques such as (not limited to):

  • Macro Enabled documents (docm.xlsx,xlsm, doc etc.)
  • JavaScripts embedded in a zip file or an html file
  • etc.

at the first stage of delivery using this techniques normally what happens is the malicious document or js file(so called the "downloader") will request the malicious executable to be downloaded using an HTTP request. after this stage the main executable will get executed and the encryption starts.

 

so as mentioned above the first containment action as a priority should be blocking the URLs/IPs that the downloader talks to. so that the malicious executable will not get downloaded anymore. basically can be done using blacklisting on WebProxy servers (quick win) or any other network tools sitting between the end users and internet (IPS, Firewall etc.) after this submitting the file to the Antivirus (AV) vendors to update their database for future/current detection (this will make life easy if you are working in an enterprise withs/s of endpoints)

 

Blocking the senders or filtering the email gateway based on the patterns of Email subject or attachment name can be further necessary actions for containing/Controlling the scenario in the environment.

 

the Recovery and Eradication phase after this can be easily done by correlating Email logs and AV logs for further detection and cleanup if you follow similar step as from now on your AV vendor detects that malicious file.

 

*Don't forget that Ransomware only encrypts Documents and Not System executables as it needs them to function properly" so u can use this as a counter technique to defend yourself :D

 

If you are interested in more details you can read my analysis over "Cerber Ransomware" and its functionality either on LinkedIn or myBlog. Any question feel free to drop me a note  :)

 

(لقد تم حذف الرابط بسبب انتهاكه لسياسة الموقع. يرجى التواصل مع قسم الدعم لمزيد من المعلومات.)

https://deobfs.com////behaviour-analysis-of-cerber-ransomware/

-Omid

Muhammad Haseeb Javed
من قبل Muhammad Haseeb Javed , TeamLead Broadband , PTCL (Pakistan Telecommunication Company Limited)

Avoid Spam and unknown mails and and never attach a USB  r another D.T thing before scanning and every take backup every after2 days and most antivirus also dose not detect such type of virus

Kasiananthan C CRISC CISA CEH
من قبل Kasiananthan C CRISC CISA CEH , Technology Risk and Controls , BA Continuum India Private Limited (Bank of America Subsidiary)

Ransomware only targets the availability of data. Best control is regular backups, testing the backups. Awareness to employees on Phishing, Ransomware threats.

Mohamed Azharudeen A
من قبل Mohamed Azharudeen A , Technical/Pre Sales Engineer , TTC TECH L.L.C

Ransomware may direct a user to click on a link to pay a ransom; however, the link may be malicious and could lead to additional malware infections

Jasik  Vettithulath Usman
من قبل Jasik Vettithulath Usman , IT Support Engineer , Lulu Group International

Ransom-ware Viruses are mainly effected through mail or other web based applications

 

Do these Steps 

  • Avoid Unwanted Mails and Report as Spam 
  • Don't click or read mails from strangers and move to trash
  • Check Whether any Unwanted Programs Installed on PC and Remove it fast
  • Use Best in class Antivirus Or Use Anti Malware Applications
  • Scan Once daily For Security threats
  • When have a doubt ransom-ware is effected just release the network cable and shutdown PC for while ( this is for reducing quantity of encrypted files )
  • Remove all effected files and Formatting OS is well 
  • Took Daily Backup of Important Files

Umar Sa'ad
من قبل Umar Sa'ad , Assistant Network & Security Manager , Dangote Petroleum & Petrochemicals FZE

The greatest attack vector for ransomware is phishing.. I recommend user awareness as a long term solution.. A technical mitigation is regular backups. 

Hayder Mohd Ahmed Hamad Hamad
من قبل Hayder Mohd Ahmed Hamad Hamad , I.T Director , Almajd Satellite Network company K.S.A, Riyadh

·         ALWAYS BACKUP YOUR DATA

·         Avoid spam emails.

·         Update your OS & software regularly

·         Use strong passwords

·         Notice a suspicious process on your PC

 

·         Use anti-malware software and a firewall.

A.B.M. Kamrul Ahasan Majumder
من قبل A.B.M. Kamrul Ahasan Majumder , Manager(Head of IT network & Information security) , Bangla Trac Ltd.(Bangla Cat)

most of the antivirus do not protect ransomware virus. ransomware virus act files as encrypted

المزيد من الأسئلة المماثلة