Make sure you have a good antivirus product that uses a remote administration kit to force it to run, a good policy applied to the end-user desktops, and, to be more secure, block users from using removable media such as USB flash drives, hard drives, DVDs and CDs. That's all, I guess.
It's been a while since this question was raised, but I think the question is more targeted at "how to control it" as opposed to "prevent it". In terms of controlling the ransomware, the main aim would be to avoid lateral movement of the infection throughout the network. In this case Incident Response (IR) and the Blue Team play a vital role. Simply:
phases of an IR team. Basically, the vector delivering ransomware is mostly email, using different techniques such as (but not limited to):
At the first stage of delivery, using these techniques, what normally happens is that the malicious document or JS file (the so-called "downloader") requests the malicious executable to be downloaded using an HTTP request. After this stage the main executable gets executed and the encryption starts.
So, as mentioned above, the first containment action as a priority should be blocking the URLs/IPs that the downloader talks to, so that the malicious executable will not get downloaded anymore. Basically this can be done using blacklisting on web proxy servers (quick win) or any other network tools sitting between the end users and the internet (IPS, firewall, etc.). After this, submit the file to the antivirus (AV) vendors to update their database for future/current detection (this will make life easy if you are working in an enterprise withs/s of endpoints).
Blocking the senders or filtering the email gateway based on the patterns of email subject or attachment name can be further necessary actions for containing/controlling the scenario in the environment.
The recovery and eradication phase after this can easily be done by correlating email logs and AV logs for further detection and cleanup, if you follow similar steps, as from now on your AV vendor detects that malicious file.
*Don't forget that ransomware only encrypts documents and not system executables, as it needs them to function properly, so you can use this as a counter-technique to defend yourself :D
If you are interested in more details you can read my analysis of "Cerber Ransomware" and its functionality either on LinkedIn or my blog. Any questions, feel free to drop me a note :)
https://deobfs.com////behaviour-analysis-of-cerber-ransomware/
-Omid
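As an added example, not from the original answer, here is the correlation the steps above describe in working form: a small Python script that takes mail-gateway, Squid-style proxy and AV console log lines, works out which mailboxes received the lure, which workstations actually fetched the second-stage payload (versus being stopped by the proxy block), which of those the AV never flagged, and emits the Squid ACL lines for the quick-win URL block. Every URL, log line, hostname and the mailbox-to-host inventory is constructed for the example; the subject and attachment patterns are hypothetical.

```python
"""Added example (not from the original post): correlate mail-gateway, web-proxy
and AV logs to contain a downloader-delivered ransomware run.  Every indicator,
log line and host mapping below is constructed sample data."""
import re
from urllib.parse import urlsplit

# Hypothetical indicators from detonating the lure: where the downloader fetches
# the real payload, and the lure's subject / attachment naming pattern.
PAYLOAD_URLS = {
    "http://203.0.113.10/img/load.php",
    "http://malicious-cdn.example/tmp/x.exe",
}
LURE_SUBJECT_RE = re.compile(r"^invoice \d+$", re.I)
LURE_ATTACHMENT_RE = re.compile(r"^invoice_\d+\.(js|zip|docm)$", re.I)

# Constructed mail-gateway log (key=value per line).
MAIL_LOG = """\
2016-04-05T09:12:33 from=billing@example.net to=alice@corp.example subject="Invoice 2311" attachment=invoice_2311.js status=delivered
2016-04-05T09:12:40 from=billing@example.net to=bob@corp.example subject="Invoice 2312" attachment=invoice_2312.js status=delivered
2016-04-05T09:13:02 from=hr@corp.example to=carol@corp.example subject="Team lunch" attachment=menu.pdf status=delivered
2016-04-05T09:14:10 from=billing@example.net to=dave@corp.example subject="Invoice 2313" attachment=invoice_2313.js status=quarantined
2016-04-05T09:14:55 from=billing@example.net to=erin@corp.example subject="Invoice 2314" attachment=invoice_2314.js status=delivered
"""
# Constructed Squid-style access.log: time elapsed client action/code bytes method url ...
PROXY_LOG = """\
1459847620.101 230 10.0.0.12 TCP_MISS/200 412560 GET http://203.0.113.10/img/load.php - DIRECT/203.0.113.10 application/octet-stream
1459847655.412 180 10.0.0.13 TCP_DENIED/403 0 GET http://203.0.113.10/img/load.php - NONE/- text/html
1459847701.009 95 10.0.0.14 TCP_MISS/200 8731 GET http://www.example.org/news - DIRECT/93.184.216.34 text/html
1459847733.500 210 10.0.0.16 TCP_MISS/200 412560 GET http://malicious-cdn.example/tmp/x.exe - DIRECT/198.51.100.7 application/octet-stream
"""
# Constructed AV console log: only one host's downloader was caught.
AV_LOG = """\
2016-04-05T09:16:01 host=WS-0012 user=alice detection=Trojan.Downloader.JS path=C:\\Users\\alice\\Downloads\\invoice_2311.js action=quarantined
"""
# Constructed asset inventory: mailbox -> (hostname, workstation IP).
USER_HOSTS = {
    "alice@corp.example": ("WS-0012", "10.0.0.12"),
    "bob@corp.example": ("WS-0013", "10.0.0.13"),
    "carol@corp.example": ("WS-0014", "10.0.0.14"),
    "dave@corp.example": ("WS-0015", "10.0.0.15"),
    "erin@corp.example": ("WS-0016", "10.0.0.16"),
}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_kv(line):
    """Parse 'k=v k2="v two"' log lines into a dict (quotes stripped)."""
    return {k: (v[1:-1] if v.startswith('"') else v) for k, v in KV_RE.findall(line)}

def lure_recipients(mail_log):
    """Mailboxes the gateway actually delivered a matching lure to (purge list)."""
    hits = set()
    for line in mail_log.splitlines():
        rec = parse_kv(line)
        if rec.get("status") != "delivered":
            continue
        if LURE_SUBJECT_RE.match(rec.get("subject", "")) or LURE_ATTACHMENT_RE.match(rec.get("attachment", "")):
            hits.add(rec["to"])
    return hits

def payload_fetches(proxy_log, urls):
    """Client IPs that asked the proxy for a payload URL, split by whether it was served."""
    served, blocked = set(), set()
    for line in proxy_log.splitlines():
        f = line.split()
        if len(f) < 7 or f[6] not in urls:
            continue
        client, code = f[2], int(f[3].split("/")[1])
        (served if 200 <= code < 300 else blocked).add(client)
    return served, blocked

def av_detections(av_log):
    """Hosts where the AV already quarantined the downloader."""
    return {parse_kv(l)["host"] for l in av_log.splitlines() if l.strip()}

def triage(mail_log, proxy_log, av_log, inventory=USER_HOSTS):
    """Turn the three logs into containment lists."""
    served, blocked = payload_fetches(proxy_log, PAYLOAD_URLS)
    caught = av_detections(av_log)
    report = {"purge_mailbox": set(), "isolate": set(), "blocked_by_proxy": set()}
    for user in lure_recipients(mail_log):
        report["purge_mailbox"].add(user)
        host, ip = inventory.get(user, (None, None))
        if ip in served:
            report["isolate"].add(host)           # payload landed: encryption may be under way
        elif ip in blocked:
            report["blocked_by_proxy"].add(host)  # downloader ran, but the proxy block held
    # Fetched the payload and AV said nothing: manual cleanup before anything else.
    report["no_av_detection"] = report["isolate"] - caught
    return report

def proxy_blocklist(urls):
    """Squid ACL lines blocking the hosts the downloader contacts (the quick win)."""
    ipv4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
    lines = []
    for host in sorted(urlsplit(u).hostname for u in urls):
        kind = "dst" if ipv4.match(host) else "dstdomain"
        lines.append(f"acl ransomware_dl {kind} {host}")
    return lines + ["http_access deny ransomware_dl"]

if __name__ == "__main__":
    for k, v in triage(MAIL_LOG, PROXY_LOG, AV_LOG).items():
        print(f"{k:18} {sorted(v)}")
    print("\n".join(proxy_blocklist(PAYLOAD_URLS)))
```

The `http_access deny` line only works if it is placed above the site's permissive `http_access allow` rules in squid.conf. The inventory lookup is what turns an email recipient into a host to isolate; in a real environment that mapping comes from DHCP or domain logon logs rather than a dict, and a proxy 200 on the payload URL is the strongest signal that the host needs to come off the network before the AV log says anything.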
Avoid spam and unknown mails, and never attach a USB or another D.T thing before scanning it, and take a backup every 2 days. Most antivirus also does not detect this type of virus.
Ransomware only targets the availability of data. The best control is regular backups and testing the backups, plus awareness for employees on phishing and ransomware threats.
Ransomware may direct a user to click on a link to pay a ransom; however, the link may be malicious and could lead to additional malware infections.
Ransomware viruses are mainly delivered through mail or other web-based applications.
Do these steps:
The greatest attack vector for ransomware is phishing. I recommend user awareness as a long-term solution. A technical mitigation is regular backups.
· ALWAYS BACKUP YOUR DATA
· Avoid spam emails.
· Update your OS & software regularly
· Use strong passwords
· Watch for suspicious processes on your PC
· Use anti-malware software and a firewall.
Most antivirus products do not protect against ransomware viruses. A ransomware virus acts on files by encrypting them.