Ransomware prevention

Ransomware prevention with Mimecast

Ransomware prevention is a critical priority.

As the frequency and cost of ransomware attacks continues to rise, solutions for ransomware prevention must be at the top of every IT department's list of priorities.

Ransomware like the crypto virus or cryptowall often originate in email or spam and get activated when a user clicks on a malicious link or opens a weaponized attachment. The ransom virus blocks access to files or encrypted data, allowing companies to regain access only after paying a ransom.

Ransomware prevention requires sophisticated tools that can identify potentially dangerous email and prevent users from inadvertently starting an attack by clicking a suspicious link or opening a dangerous attachment. That's why so many companies worldwide turn to cloud-based ransomware prevention services from Mimecast.

Ransomware prevention with Mimecast.

Mimecast provides email security, continuity and archiving solutions in an all-in-one subscription service that helps to reduce the cost and complexity of protecting and managing email. Rather than deploying a variety of standalone security and backup products, Mimecast offers a single solution that combines tools for ransomware prevention with continuity and archiving capabilities for fast recovery. With Mimecast, ransomware prevention is always on and always up-to-date, reducing the burden on IT while protecting users and data more effectively.

How Mimecast approaches ransomware prevention.

To protect against ransomware, Mimecast offers a multi-layered approach to detect ransomware and prevent it from blocking access email or data.

Mimecast Targeted Threat Protection is a suite of security services for ransomware prevention that enable you to:

  • Block malicious URLs. Mimecast rewrites all URLs within incoming and archived emails and scans destination websites on every click to prevent users from visiting a potentially malicious website.
  • Protect against weaponized attachments. When an attachment is deemed to be suspicious, Mimecast sandboxes the attachment before delivery to protect against unknown malware, or transcribes it to a safe format, allowing the user to view it immediately.
  • Recognize and defend against impersonation attacks. Mimecast protects against malware-less attacks that seek to impersonate trusted senders by scanning all inbound emails in real time, identifying and blocking or tagging suspicious emails.

Mimecast's ransomware prevention services are informed by third-party and Mimecast proprietary threat intelligence, providing up-to-date warnings about the latest threats. And in the event a ransomware attack is successful, Mimecast archiving services enable you to quickly regain access to email data by restoring content to a point before the launch of the ransomware attack.

Learn more about ransomware prevention with Mimecast.

FAQs: Ransomware Prevention

FAQs: Ransomware Prevention

What causes ransomware?

Ransomware is a type of malicious software or malware that is intended to block users from accessing files and data on their computer until a ransom is paid to the cyber criminals who launched the attack. The most common type of ransomware attack uses a crypto algorithm to encrypt files, allowing data to be accessed only with a decryption key that is obtained by paying a ransom.

Ransomware is often spread via phishing emails that trick recipients into opening a malicious attachment, clicking on a link that takes them to a malicious website, or revealing login credentials that cyber criminals can used to access a corporate network. Attackers may also exploit vulnerabilities in software or systems to gain access to network resources. In each instance, ransomware is surreptitiously installed on the user’s computer. After files on the infected computer have been encrypted, the user receives a ransom note demanding payment, typically through crypto currency.

What is ransomware prevention?

Ransomware prevention refers to the variety of products, services and best practices used to prevent ransomware attacks from successfully infiltrating a user’s computer. The most effective ransomware protection is a multilayered approach to security that includes:

  • Security awareness training for users that educates them about the types of phishing email they may encounter which can lead to a ransomware attack. Minimizing human error is perhaps the most effective form of ransomware prevention.
  • Anti-ransomware and antivirus software and services that identify suspicious email and web traffic, blocking users from receiving potentially dangerous email and from opening potentially malicious links and attachments.
  • Regular updates and patches to software and systems that prevent attackers from accessing vulnerabilities.
  • Robust data backup solutions that enable organizations to quickly recover from an attack when ransomware prevention efforts are not successful.
  • Continuity solutions that provide continuous access to email and files during and after an attack, mitigating the potential loss of productivity that ransomware can cause.
  • Two-factor authentication protocols that can prevent an attacker who has stolen login credentials from successfully accessing the system.

How do ransomware prevention software and services work?

There are several types of anti-ransomware software measures that can improve ransomware prevention.

  • Antispam, antivirus and anti-malware programs are often effective at ransomware prevention when it comes to types of ransomware that have already been identified and analyzed.
  • Ransomware prevention solutions that scan email and web traffic for telltale signs of a phishing email can help to block new and emerging threats. These may include signs of impersonation attempts or social engineering techniques.
  • DNS authentication services including SPF, DKIM and DMARC, can help to spot emails with sender spoofing which is often employed in ransomware attacks.
  • Services that use content filtering to inspect email in real time can block users from clicking links or opening attachments that may be suspicious.

What should I do when ransomware prevention doesn’t work?

When ransomware prevention efforts are unsuccessful and you are the victim of a ransomware attack, you should immediately disconnect the infected computer from the network and from any shared storage, to prevent ransomware from spreading to other computers. After documenting any ransom messages that you have received, report the ransomware attack to the authorities by contacting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) at www.us-cert.gov/report, and by reaching the FBI through a local field office. Next, you can explore options for recovering your data, which may involve using tools or services to try to decrypt your files, or wiping your infected computers clean and recovering data from a clean backup.

How does security awareness training contribute to ransomware prevention?

Human error is often a significant contributor to successful ransomware attacks. Ransomware is most often spread through phishing emails that trick users into taking an action that enables the ransomware to launch. Security awareness training can help employees to recognize the signs of a phishing attack and know what to do when they encounter potentially dangerous email and websites.