How to block ransomware attacks successfully.
Ransomware attacks use malicious links and attachments in email to gain access to an individual's or organization's files, encrypt them and hold them hostage until a fee or ransom is paid. Users are typically duped into opening an attachment that looks like an invoice, a Word document, a package notice or some other legitimate file.
To block ransomware attacks, you need technology that can warn about suspicious links and attachments and prevent users from clicking on or opening them. And to minimize the impact of an attack – since it's virtually impossible to protect from ransomware attacks 100% of the time – you need powerful tools for backup and recovery that can ensure access to email data during and after an attack.
Block ransomware attacks with Mimecast.
Mimecast helps to block ransomware threats and prevent loss of data with cloud-based solutions for email security, archiving and continuity. As a SaaS-based subscription service, Mimecast is easy to implement and manage. And as an all-in-one solution, Mimecast eliminates the need to deploy and manage multiple point solutions for security, archiving, search, backup, recovery and continuity.
To block ransomware, Mimecast's security services scan every inbound and archived email to detect ransomware attacks based on advanced threat intelligence. Mimecast rewrites all links in emails and scans the destination website in real time when a user clicks on a link, blocking access to any website determined to be suspicious. To further block ransomware attacks, Mimecast scans all attachments and preemptively sandboxes any file that may contain malicious code like macros in a PDF or Microsoft Office file. Once the attachment is deemed safe, it can be delivered to the user. If users need faster access to attachments, Mimecast can automatically transcribe attachments to a safe format and deliver it immediately with the email message.
Mimecast tools to block ransomware and its effects.
When security measures failed to block ransomware, Mimecast reduces the impact and loss of data by providing a robust and redundant archive of data in the cloud. Mimecast's easy-to-manage archiving solution keeps triplicate, encrypted copies of email and files in data centers that are dispersed geographically, ensuring that users have access to data during and after a successful ransomware attack.
Learn more about how to block ransomware and mitigate the effects of a Locky ransomware attack with help from Mimecast.
FAQs: Block Ransomware
What is ransomware?
Ransomware is a kind of malicious software, or malware, that is designed to prevent users from accessing the files and data on their computer until a ransom is paid. Ransomware is most often spread through email attacks like phishing and spear-phishing, but malware may also be launched when users visit websites infected with ransomware. Attackers may also exploit vulnerabilities in systems and software to gain access to computer networks and launch malware attacks.
How does ransomware block access to computers?
After infecting a computer, a ransomware attack may play out in several ways:
- The ransomware may encrypt some or all files on the computer, preventing users from accessing them without a decryption key which is only available by paying a ransom.
- A ransomware attack may threaten to make public sensitive data on the user’s hard drive unless the user pays a ransom.
- Other forms of ransomware may issue messages that claim a virus has infected the computer and directing the user to make a payment to resolve the issue.
How to block ransomware?
To block ransomware attacks, it’s important to have a multilayered approach to security. Anti-ransomware software and services can help to block ransomware attacks that are already known as well as new and emerging types of ransomware. Because human error is often a significant contributor to successful attacks, it’s important to implement security awareness training that can teach users how to identify and block ransomware attacks. And keeping systems patched and up to date can help to block ransomware attacks that exploit system vulnerabilities.
What kinds of solutions and services block ransomware?
- Spam filters and anti-malware programs software can help to block ransomware attacks that have already been identified.
- Advanced anti-ransomware or anti-impersonation filters can help to identify new types of email-borne threats that use social engineering techniques to launch ransomware attacks.
- Content scanning and filtering technology that evaluates links and attachments in real time can block ransomware by preventing users from clicking on suspicious URLs or opening weaponized attachments.
- Requiring employees to use two-factor authentication can help to prevent attackers from using the login credentials they acquire through phishing to access corporate networks and launch a ransomware attack.
What if I can’t block ransomware?
When your attempts to block ransomware are unsuccessful, you can take immediately take several steps to protect yourself and your organization.
- Block ransomware from spreading by disconnecting all infected computers from the network and any shared storage area.
- Identify the type of ransomware and report it to U.S. Cybersecurity and Infrastructure Security Agency (CISA) at us-cert.gov/report and to a local FBI field office.
- Determine your best course for recovering data – you may attempt to decrypt files using available tools or help from a specialist, or you may decide to wipe infected computers clean and restore files from backup.