Ransomware is getting big notice in the press. Frankly, it makes a pretty readable story: an organization gets hit by a virus, its data is locked up, and it pays a ransom to get the data back. Like the plot of a movie, perhaps. Except this is real, it happens to people just like you, and it's unlikely to stop anytime soon.
To control something like this, it's important to fully understand the issue first. Here are a few FAQs on Ransomware to get started on that understanding.
Who is deploying ransomware?
Criminals. In some cases there are large criminal networks; in other cases it is a smaller operation. But the source of nearly all malware is criminal profit.
Who are they targeting?
In some cases the target is very broad, and in some cases it is quite narrow. For example, if the purpose of the malware is to build a botnet or to deploy cryptographic ransomware, then the target will be as broad as everyone running a particular OS. In other cases the target may be valuable information at a specific company, and the targets will be specific users within that organization.
What are your chances of suffering this type of attack?
Extremely high. In a given week every single system is probably subject to an attempted malware installation of some sort. In many cases the malware may target another OS, or may be looking for a vulnerability that has already been patched on that system. But between email and the web, users are constantly being bombarded.
What can be done to prevent ransomware?
Cover the three most common attack vectors (web, email and endpoint) using cloud-based security. Train your users regularly on how to avoid being infected by falling for phishing or other scams. Keep all operating systems and software packages up to date.
What should be done once your organization has been hit?
First quarantine the network or systems that are potentially infected do not let the system on the network or Internet, all file transfers should come from hard media, next scan the systems and remove the threat, third reboot the system and scan again to make sure the threat has been removed. Fourth install endpoint protection if it was not already installed. Fifth, change system passwords. Sixth, install all security updates from OS and software manufacturers. Sixth reconnect to the network. Seventh, change all online passwords, assume every single one of them was compromised by a key logger. Lastly, continue to monitor the system of unusual activity.