The threat of virus ransomware
Virus ransomware is a quickly growing threat to corporate security. In a ransomware attack, hackers breach an organization's network and hold it hostage by blocking access to systems, requiring organizations to pay ransom to regain access.
As virus ransomware attacks frequently begin through email phishing scams and similar threats, finding ways to stop these threats and block malicious URLs and weaponized attachments must be a high priority for IT departments.
Steps for responding to a virus ransomware attack
Isolate the infected device(s)
Virus ransomware can spread from device to device, so make sure the infected device is disconnected from the server, internet, and other devices. The sooner you're able to do this, the better. Be sure to do the same with any devices that are behaving suspiciously.
Look to see if anything has been encrypted or had its file extension changed. Be sure to back up any sensitive data to external storage devices or secure cloud services if you haven't already.
Report any virus ransomware attack to law enforcement authorities
It's critical to report any virus ransomware attack to the appropriate authorities for a number of reasons. Often, law enforcement can help with recovering your data and bringing cybercriminals to justice. If you can, identify the type of ransomware that has infected your computer so that the authorities may be able to better help you regain access to any compromised systems and files.
Explore options for data recovery
After you've suffered the attack and notified the authorities, it's time to look into ways to recover your data. There may be vendors who specialize in decryption, or it may be best to wipe your drives clean and re-import backup data to your system once you've put proper protections in place.
Protect against virus ransomware going forward
At some point it's time to put the past behind you and move towards a better future. Mimecast is with you every step of the way, from providing security awareness training to your employees, to helping your organization protect its data without compromising efficiency.
Should you pay ransom for virus ransomware?
It is generally recommended organizations do NOT pay ransom, as there are no guarantees that paying cybercriminals will effectively restore the data. In fact, complying with ransom demands may embolden them to further target the paying organization.
Mimecast solutions for mitigating virus ransomware
To protect against virus ransomware, Mimecast Targeted Threat Protection provides three levels of defense that neutralize the most common methods used by attackers:
- URL Protect prevents users from clicking on malicious links in email until the target URL has been determined to be safe. Mimecast scans links in live email as well as archived messages to prevent delayed attacks.
- Attachment Protect provides defenses against virus ransomware by protecting employees from attachments that contain malware. Mimecast can preemptively sandbox attachments while checking for malware, or transcribe attachments to a safe format before sending them on to users in order to provide faster access to documents.
- Impersonation Protect helps to stop phishing emails and other threats that use social engineering techniques to dupe users into revealing sensitive information or wiring money to fraudulent accounts. This Mimecast service provides virus ransomware and phishing protection by scanning all email for signs of fraud and then, based on administrator-defined policies, blocking or quarantining the message or sending it on to the intended recipient with a warning that it may be suspicious.
Learn more about stopping virus ransomware with Mimecast, and about solutions to prevent Office 365 phishing.
Virus ransomware FAQs
What is a ransomware virus?
A ransomware virus is a form of malware, or malicious software, that can be downloaded to a user’s computer, denying access to the computer or the data on it until a ransom is paid. Ransomware is a form of cybercrime that is usually spread through phishing emails which convince users to share login information, click on a malicious link or visit a website where a ransomware virus can be covertly downloaded to their computer.
How to remove a ransomware virus?
When a ransomware virus is successfully downloaded to a computer and an attack is launched, organizations should immediately isolate the virus by disconnecting the machine from the network and from any storage devices shared with other computers. After identifying the ransomware virus by the language in the ransom note, organizations should report the virus to federal authorities at the U.S. Cybersecurity and Infrastructure Security Agency (CISA) at www.us-cert.gov/report, and to a local FBI field office. To recover data, organizations can either try to decrypt files using decryption tools or ransomware specialists, or wipe the system clean and reinstall data from a recent backup.
How to avoid a ransomware virus?
Avoiding a ransomware virus is the best way to prevent an attack. Anti-malware and antispam software can identify and block many routine or known ransomware virus threats. A secure email gateway with advanced inspection and filtering capabilities can block new and emerging ransomware threats by identifying indicators such as social engineering techniques as well as header anomalies, domain similarity and suspect language. Defenses that inspect URLs and attachments within email can block users from opening suspicious links or files. And DNS authentication services can spot email that may use sender spoofing to launch a ransomware virus.
How to train employees to prevent a ransomware virus?
Security awareness training is an integral part of defense against ransomware virus attacks. Human error is a leading factor in security breaches such as ransomware attacks, and training employees to be more vigilant can transform them from the weakest links in the security chain to an organization’s most effective defenders. Training typically focuses on how to recognize phishing emails that may be used in conjunction with a ransomware virus, and how to avoid the types of social engineering techniques that cyber criminals often use to breach defenses.
How to detect a ransomware virus?
There are a number of common indicators of a phishing email that may be designed to install a ransomware virus on the computer. These include:
- Suspicious attachments such as unexpected invoices or files.
- Grammar and spelling mistakes or uncharacteristic language that indicate the sender may not be who they claim to be.
- Non-personalized communications, with salutations that don’t mention the recipient’s name.
- Threats of negative consequences and/or an urgent tone that are designed to encourage recipients to act quickly.
- Requests for personal information such as login credentials.
- Inconsistencies in email addresses, domains and URLs, where the email address in the header is not an exact match for the company the email claims to be from, or where links in the body of the email don’t match the actual URL target within the link.
Stop virus ransomware with Mimecast
Mimecast provides comprehensive email security services, including tools to stop virus ransomware as part of an all-in-one subscription service for email security, archiving and continuity.
Mimecast's email security services eliminate the need to deploy a variety of point solutions to prevent spear phishing, virus ransomware, CFO fraud and other threats. Mimecast provides protection from these advanced threats as well as the threats of malware, spam, data leaks and more. Mimecast employs a secure email gateway, sophisticated detection engines and constantly updated threat intelligence to mitigate known and emerging threats before they reach the corporate network.