FAQs

Question 1

What do you do if your company is attacked by ransomware?

Accepted Answer

Implement Your Disaster Recovery Program. Limit the further spread of the ransomware and start your disaster recovery process.Wipe and Reinstall Machines. Close any impacted machines, wipe them, and reinstall the OS and applications.Recover Uncompromised Data. Use backup data from your last known “good” data set.Apply a “Lessons Learned” Approach. Revise security procedures and staff training to stop these issues from happening again.Identify Security Gaps to Brace for the Future. Take measures to develop new organizational policies and deploy new solutions to increase your organization's cyber defenses.

Question 2

What are the most common ransomware attack vectors?

Accepted Answer

Remote Desktop Protocol (RDP): In recent years, RDP has been a top entry point, allowing ransomware operators to gain a foothold in an environment. RDP allows users—and thus, ransomware actors—to remotely control computers or virtual machines over a network connection. Social Engineering: Criminals contact users and persuade them to install software on their machines. Email Attachments: Users open an email attachment that contains malware, which then installs on their machine. Macros: Macros in Microsoft Office and other apps can install ransomware. Downloads: Certain downloaded software can have a hidden “payload” of ransomware. Spreading Through Network Drives: Mapped network drives allow the ransomware to spread to other machines. Malware-Infected Websites: Certain websites can install malware when visited—especially if you have not patched your browsers or turned on proper browser security. This includes popup online ads. Administrative Access: Root or administrative access can allow malware to spread quickly through your organization. Fileless (Living Off the Land): Ransomware may use fileless malware techniques to stay hidden as it advances through the network.

Question 3

What are the different types of ransomware?

Accepted Answer

Crypto Malware or Encryptors block access to data and applications by encrypting files and devices. Lockers completely block access to a computer system. Scareware claims to identify other malware like viruses on your computer, and then demands money to remove them. Doxware steals sensitive information from your computer and threatens to release it online. Human-Operated Ransomware (“hands-on-keyboard”) are when cybercriminals actively navigate through targeted infrastructure. Ransomware-as a-Service (RaaS) refers to the practice of an attacker paying a ransomware service operator a subscription fee to use ready-packaged ransomware toolkits/malware. In RaaS, the ransomware owners and their affiliates, the entities who execute the ransomware payload, share the ransom payout.

Ransomware

All Glossary Entries