Photo by John Cameron on Unsplash

Photo by John Cameron on Unsplash

Fight Windows ransomware with on-board tools

Negotiating Hurdles

Article from ADMIN 80/2024
By
Ransomware defense involves two strategies: identifying attacks and slowing the attackers to mitigate their effects.

The horror scenario: Your organization's data has been encrypted – in the worst case, after the data has been stolen and is at risk of ending up on the darknet. The measures used to mitigate the effect of ransomware can be broken down into two aspects. The first involves preventing attacks, and the second is all about slowing down the attack if it is successful. Both tasks require changes to workflows and processes involving administrative intervention that is not always convenient.

Entry

Ransomware has a limited number of vectors for entering the company network. Email and malicious attachments come first, but external access to the mailbox is also conceivable, with the manipulation of existing attachments. Many companies also have holes in the firewall that provide a direct route to the internal network. Remote Desktop (RDP) and other protocols that allow remote access are worthy of note, as well as manipulated software that users download and install. Last but not least, one visit to a manipulated website is all it takes to be infected by ransomware or some other malware (drive-by attacks).

Email

Email is the most common way for ransomware to enter a company. A simple file attachment is all it takes. Sending billions of email messages costs nothing but electricity. Valid target addresses can be bought, found, and generated. Anyone who has worked with the same email address for a period of time will be familiar with the problem of spam and be aware that their own address has been public knowledge for a long time. What was technically brilliant about the Locky attack [1], for example, was that the malware and the associated executable file were not directly included in the attachment. Instead, the recipients received an Excel file with a macro that acted as a

...
Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus