Ransomware and Virus Protection
Identify the common targets of ransomware. Explain why these targets are so attractive to hackers.
Ransomware is a form of malicious software, or malware, that takes over your computer, threatens you with harm, and denies you access to your data. The attacker then demands a ransom from the victim, promising to restore access to the data upon payment. Ransomware can be distributed through many channels. One of the most common delivery systems is phishing spam: attachments that arrive in an email, masquerading as a file the victim should trust. Once they're downloaded and opened, they can take over the victim's computer, especially if they have built-in social engineering tools that trick users into allowing administrative access. Common targets of ransomware are usually large corporations, but small businesses, mid-sized companies, enterprises, and organizations are fair game too. These targets can be attractive to hackers for many reasons, such as money and publicity.
Determine the best practices that should be implemented by the security department to help reduce the risks posed by ransomware.
Stuvia.com - The Marketplace to Buy and Sell your Study Material
The single most effective deterrent to ransomware is to regularly back up and then verify your system. More recent ransomware attacks have encrypted not only data files but also Windows system restore points and shadow copies, which could otherwise be used to partially restore data after a ransomware attack. Backups should be stored on a separate system that cannot be accessed from a network, and they should be updated regularly to ensure that a system can be effectively restored after an attack.
Other effective mitigation strategies include the following steps:
• Educate employees. Like other malware, ransomware often infects a system through email attachments, downloads, and web browsing. Organizations should conduct regular training to help employees avoid common malware pitfalls.
• Conduct regular data backups. This bears repeating. Conduct regular backups of your system and store the backups offline and preferably offsite so that they cannot be accessed through your network. (For ransomware, offline is more important. For other events, offsite is more important.)
• On a separate-but-related front, it is also important to regularly verify the data backup process to ensure backups are capturing all necessary data and that the restore process works in your environment. At a home/personal level, back up important files as they are modified and be sure that backup media (thumb drives, external hard drives) are not left connected to any networked device. Periodically check that the files can be accessed from the backup device. You don't want to discover that it is defective at the point you need to restore data from it. It is also important to point out that popular online backup solutions may also be vulnerable to a ransomware attack, as the backed-up data may be overwritten with a newer version that is already encrypted by ransomware.
• Restrict code execution. If ransomware is designed to execute from temporary and data folders, but it cannot access these folders due to access control, that could be a successful roadblock to data encryption.
• Restrict administrative and system access. Some strains of ransomware are designed to use a system administrator account to perform their operations. With this type of ransomware, decreasing user accounts and terminating all default system administrator accounts can create an extra roadblock.
• Maintain and update software. Another important yet basic rule for protecting against and/or ensuring early detection of ransomware is to maintain and update software, in particular security and anti-malware software.
Propose what users and system administrators should do when a potential infection has been suspected.
There is no guaranteed way to keep malware out. Installing and using antivirus and anti-spyware software is a good start. But what does it look like when these tools fail? And what can you do about it?
The following might indicate your computer is infected with malware:
• Lots of pop-up windows or unexpected messages on-screen
• Unexpected toolbars appear in your web browser
• New icons or programs appear on your computer
• Your web browser home page changes or you are redirected unexpectedly to unknown websites
• Your computer suddenly seems slow, freezes, or crashes during basic tasks
If you suspect infection, you should:
• Download the most recent definitions for your antivirus and anti-spyware software
• Run a full scan using both tools (this will usually be much more in-depth and will take longer than the regular monitoring scans)
• Follow the software's instructions to remove suspected malware
• Reboot your computer, if necessary
If removing malware this way doesn't work, or if the malware returns when you reboot your computer, you should seek professional help.
Compare and contrast viruses, worms, and Trojans, and indicate which of these you consider to be the greatest danger to computer users and/or the greatest challenge for security personnel to protect against.
A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user. A virus must meet two criteria:
• It must execute itself. It will often place its own code in the path of execution of another program.