In addition to your answers and the last one given by Elie, we must know that user education is very important. Educate users: send security notifications and posters, manuals, animations.
Deploy a security awareness portal (e-learning portal) that offers the user the possibility to learn and be trained, and to read security courses about ransomware and phishing attacks. .....% of ransomware attacks come from email attachments
https://www.malwarebytes.com/surveys/ransomware/?aliId=
After education, try to run security awareness campaigns such as a phishing campaign, simulating phishing attacks like ransomware, and then see the users' prudence and measure the security knowledge of the users.
This is a very important point: users must be educated, and every user is responsible for the security of the company.
For ransomware attack remediation there are many valid methods published on the internet.
Ransomware is defined as a type of malware that creates a restriction of some type on the user’s computer. In order to remove the restriction, the user must pay a ransom. This form of crimeware is unique in that it tries to coerce the user into directly paying the criminal––effectively turning the malware itself into a way for the attacker to profit. Over the past five years, ransomware has become more and more widespread because of the initial success of cybercriminals in convincing victims to pay to recover their files.
Ransomware is malicious software that cyber criminals use to hold your computer or computer files for ransom, demanding payment from you to get them back. There is a variety of ways ransomware can get onto a person’s machine, but as always, those techniques either boil down to social engineering tactics or using software vulnerabilities to silently install on a victim’s machine.
The most-proactive method of protecting:
Build a “human firewall”: The biggest threat is users who let the ransomware on their endpoints. People are the weakest link.
Apply all current operating system and application patches: Many ransomware strategies take advantage of vulnerabilities in the operating system or in applications to infect an endpoint. Having the latest operating system and application versions and patches will reduce the attack surface to a minimum.
Spam filtering and web gateway filtering: Again, the ideal approach is to keep ransomware off the network and the endpoint. Spam filtering and web gateway filtering are great ways to stop ransomware that tries to reach the endpoint through malicious IPs, URLs, and email spam.
Allow only whitelisted items to execute: Use an “application control” method that offers centrally administered whitelisting to block unauthorized executables on servers, corporate desktops, and fixed-function devices, thus dramatically reducing the attack surface for most ransomware.
Limit privileges for unknown processes: This can be done easily by writing rules for host intrusion prevention systems or access protection rules.
Back up your data: The single biggest thing that will defeat ransomware is having a regularly updated backup. If you are attacked with ransomware you may lose that document you started earlier this morning, but if you can restore your system to an earlier snapshot or clean up your machine and restore your other lost documents from backup, you can rest easy.
Filter EXEs in email: If your gateway mail scanner has the ability to filter files by extension, you may wish to deny mails sent with “.EXE” files, or to deny mails sent with files that have two file extensions, the last one being executable (“*.*.EXE” files, in filter-speak).
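The extension rule from the "Filter EXEs in email" item, written out as an added example (not code from any of the posts on this page or from a real gateway product). The function names, the one-entry blocked list and the sample message are assumptions made for the illustration; it goes slightly beyond the text by also normalising trailing dots and spaces, which Windows ignores when opening a file.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumption: the page names only ".EXE"; a site would extend this to its own policy.
BLOCKED_EXTENSIONS = {"exe"}


def classify_filename(name):
    """Return 'double-extension', 'executable' or None for an attachment name."""
    # Windows drops trailing dots/spaces, so "a.exe. " still opens as "a.exe".
    cleaned = name.strip().rstrip(". ").lower()
    base, dot, ext = cleaned.rpartition(".")
    if not dot or ext not in BLOCKED_EXTENSIONS:
        return None
    # "*.*.EXE": e.g. invoice.pdf.exe, where the visible type is a decoy.
    return "double-extension" if "." in base.strip(".") else "executable"


def build_sample(attachment_names):
    """Constructed sample mail for the demo; not real traffic."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name in attachment_names:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


def scan_message(raw_bytes):
    """Return (verdict, findings); verdict is 'deny' if any attachment matches."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        # Content-Disposition filename, falling back to the Content-Type name.
        filename = part.get_filename()
        if not filename:
            continue
        reason = classify_filename(filename)
        if reason:
            findings.append((filename, reason))
    return ("deny" if findings else "allow", findings)


if __name__ == "__main__":
    for names in (["report.pdf"], ["setup.exe"], ["invoice.pdf.exe", "notes.txt"]):
        print(names, scan_message(build_sample(names)))
```

A filename check only sees the name the sender chose; it does not inspect the attachment's content, so it complements the gateway's malware scanning and does not replace it.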
Through the following:
-Educating users.
-Avoid clicking on any suspicious link.
-Avoid opening spam e-mail unless you trust the address.
-Keep your systems patch updated.
-Make sure you have a trusted antivirus.
-Secure your environment through Firewall and sandboxing for large organizations.
-Keep updated backup of your data always.
-Get licensed systems.
-On cell, check application access before downloading.