Lead Image © Andrea Danti, 123RF.com
Discover ransomware with PowerShell
Danger Ahead
Backups are not a panacea for all ransomware infections. If a backup overwrites your original files with ransomware-encrypted data, your files are gone. Admittedly, this only applies to trivial backup strategies, which you might find in small business environments or in freelancer operations. In mid-sized companies and enterprise environments, this may not seem so tragic at first glance, because your archives have backups for the past few weeks.
However, even this is not guaranteed. If the data are outdated, the backups are not much use after a restore. In simple scenarios, the data are only saved to a USB hard drive or online storage, and there is typically only one backup set. An even greater danger is overwriting usable backup data with ransomware-encrypted data. This is especially true if the ransomware does not change the file extensions, which happens in some cases. Of course, there is no alternative to the backup and restore protection concept.
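One way to catch the unchanged-extension case before a backup run overwrites a good backup set, shown here as an added example that is not code from the original article: compare each file's leading bytes with the signature its extension implies. The function names, the demo files, and the 20 percent threshold are assumptions.

```powershell
# Added example; function names, demo files and the 20% threshold are assumptions.
$Signatures = @{                                   # expected leading bytes per extension
    '.jpg'  = [byte[]](0xFF, 0xD8, 0xFF)
    '.jpeg' = [byte[]](0xFF, 0xD8, 0xFF)
    '.png'  = [byte[]](0x89, 0x50, 0x4E, 0x47)
    '.pdf'  = [byte[]](0x25, 0x50, 0x44, 0x46)     # "%PDF"
    '.zip'  = [byte[]](0x50, 0x4B)                 # "PK"
    '.docx' = [byte[]](0x50, 0x4B)                 # Office Open XML is a ZIP container
    '.xlsx' = [byte[]](0x50, 0x4B)
}

function Test-FileSignature {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)
    $expected = $Signatures[$File.Extension.ToLowerInvariant()]
    if ($null -eq $expected -or $File.Length -eq 0) { return $null }   # no verdict
    try { $stream = [System.IO.File]::OpenRead($File.FullName) } catch { return $null }  # locked or unreadable
    $buffer = New-Object byte[] ($expected.Length)
    try     { $read = $stream.Read($buffer, 0, $buffer.Length) }
    finally { $stream.Dispose() }
    if ($read -lt $expected.Length) { return $false }
    for ($i = 0; $i -lt $expected.Length; $i++) {
        if ($buffer[$i] -ne $expected[$i]) { return $false }
    }
    return $true
}

function Get-SignatureMismatch {
    param([Parameter(Mandatory)][string]$Path)
    $checked = 0
    $bad = @()
    foreach ($file in Get-ChildItem -LiteralPath $Path -Recurse -File) {
        $ok = Test-FileSignature -File $file
        if ($null -eq $ok) { continue }             # unknown type, empty or unreadable file
        $checked++
        if (-not $ok) { $bad += $file.FullName }
    }
    $ratio = if ($checked) { [math]::Round($bad.Count / $checked, 2) } else { 0 }
    [pscustomobject]@{ Checked = $checked; Mismatch = $bad.Count; Ratio = $ratio; Files = $bad }
}

# Constructed demo data: an intact PNG header and a .jpg whose content is not a JPEG.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'sigcheck-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
[System.IO.File]::WriteAllBytes((Join-Path $demo 'ok.png'), [byte[]](0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A))
[System.IO.File]::WriteAllBytes((Join-Path $demo 'photo.jpg'), [byte[]](0x3A, 0x91, 0x07, 0xC4, 0x5E, 0x20))

$report = Get-SignatureMismatch -Path $demo
if ($report.Ratio -gt 0.2) {
    Write-Warning ("{0} of {1} files fail the header check; skip this backup run." -f $report.Mismatch, $report.Checked)
}
```

On the demo folder the report shows two files checked and one mismatch (ratio 0.5), so the warning fires. The check covers only the listed file types and only encryption that destroys the file header, so it supplements multiple backup generations and does not replace them.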
Basic Protection Measures
A reliable process for addressing ransomware is not yet available, even if the security industry has reported initial success here and there. Ideally, you should implement general security recommendations and thus make life difficult for the ransomware. These recommendations include:
- Patching in good time.
- Working without administrative permissions.
- Hardening the web browser and blocking scripts (JavaScript), where feasible.
- Disabling macro functionality, where reasonably possible.
- Analyzing email attachments critically.
- Verifying system-wide access permissions.
- Operating multilevel backups.
Ransomware typically relies on a brutal approach. For example, it reads and encrypts all of a computer's game files or all of your private photos in one fell swoop and writes them back to the disk. Upon completion, a message appears on your