Detecting and responding to ransomware

Back

Ransomware is the current bane of security experts and businesses alike. Infection rates over the last year and a half have increased dramatically. Unfortunately, the majority of businesses are unaware of the risks or how easy it is to become infected. As an example, there have been instances where adverts on well-known, reputable websites have redirected to ransomware, causing immediate infection on unprotected computers.

At this point, there are more than 124 separate variants of ransomware. More common strains are various versions of Locky and Cryptolocker. Ransomware is now at the forefront of malware innovation, with virulent strains of ransomware able to operate only in the memory of a computer, leaving no trace on the computer's file system. This makes it increasingly difficult for security specialists, software, and developers to prevent attacks.

Here are some tips which you can use in case one of your computers becomes infected:

  • Try and detect the infection as soon as possible. It takes time for ransomware to encrypt files and if it is found in the early stages of infection then the damage can be more easily rectified.
  • Use some software to detect ransomware. At Datcom we have written an application which reports back to our Network Operations Centre if there is a possibility of infection, and also indicates the user who might be infected.
  • Identify the computer which is causing the infection and disconnect the Ethernet cable or switch off the Wi-Fi. If you are unsure, turn off the computer too.
  • Train your team to respond if they receive a ransomware pop-up (it is surprising how many people will close the infection alert and not notify anyone, losing valuable minutes or hours.)
  • Switch off folder sharing on the server in case the virus has spread to more than one computer.
Once the infection has stopped spreading and it has been confirmed that no other computers are infected, it is time to start restoring data from your backup (using your Disaster Recovery plan.) If you do not have a DR plan, are unsure if you have a backup, or have never performed a test restore, it is time to contact Datcom.

Get in touch

Call us on 0333 000 3210 or Email us solutions@datcom.co.uk

Latest news...

Why Managed IT Services are good for your business

The East Midlands is packed with amazing and successful businesses – all of which are different and unique in the way they conduct themselves and achieve their goals. One thing that many of these businesses do have in common is that they choose to use Managed IT Services.

Read More

Charity of the Year: Lymphoma Action

This year, Datcom have chosen to raise money for Lymphoma Action and help support people affected by this cancer. The Datcom team have been busy thinking up fresh ideas and this year we’re going big!

Read More