Are your Business and Personal Files Safe from Ransomware?

A ransomware attack occurs when the security of an institution or a personal computer has been breached. Ransomware is a Trojan that modifies the user's data on the victim's computer so that the victim can no longer access the data or fully use the computer.


We are in the information age and we produce data every day. Data ranges from documents and images to audio and video files.

What if you woke up one day and all your data was no longer accessible? What if all your files were encrypted by ransomware?


When the data is taken/encrypted, the victim receives a ransom demand to get the data back. Ransomware is introduced to your machine through deceptive links in an email, attachments in an email or a malicious website.

Ransomware Attack Process.

  • Delivery into the victim's machine.

Ransomware is delivered to a machine in several ways. It can be via a malicious attachment, exploitation of software vulnerabilities or, in the case of a targeted attack, penetration of the network.

  • Execution.

The malware is installed on the victim's machine and encrypts the user's important files.

  • Ransom Demand

When encryption is successful, the attackers display a ransom demand on the victim's screen, to be paid in cryptocurrency.

  • Data decryption (optional).

The attackers promise to send you a decryption key when the ransom is paid, but there is no guarantee.


Signs of a Ransomware Attack.


When a computer or phone is infected with ransomware, the infection may show itself in different ways.

  • You are bombarded with endless alerts and pop-up messages.

  • All files on your computer or phone are encrypted.

  • A message impersonates a law enforcement agency and claims that the user of the machine was caught performing illegal activities online.


Preventing Ransomware.


A ransomware attack occurs when the security of an institution or a personal computer has been breached. You can enhance your security in the following ways:


  • Make sure your firewall is always turned on.

A firewall is a system designed to prevent unauthorized access to a private network. It can control the ports that can be accessed, the addresses that can connect to a network and also the websites that can be accessed.

A firewall can also be hardened to block all unauthorized access by blocking websites, ports and IP addresses.

  • Application startup Control.

Application startup control is a security feature that restricts the execution or installation of applications that have not been authorized. It begins with identifying the applications you need in your organization or on your computer, allowing them to execute, and blocking any other application from executing.

For organizations and institutions, it is advisable to remove install permissions from all users and assign them only to IT administrators.

  • Scan Emails for executable files.

Ransomware may be attached to an email and sent to a user. Scanning emails for executable files prevents ransomware attacks via email attachments.

  • Avoid questionable websites.

Websites can also be used to deliver ransomware. Avoid websites that are insecure.

Such websites use enticing messages about gifts and awards to get a user to download a file or click on a link. Website access can also be controlled with Kaspersky Endpoint Security, because it lets you configure web control.

  • Audit installed software.

The software currently installed on endpoints and servers can compromise security if it has vulnerabilities. Hackers may exploit known vulnerabilities to inject ransomware into your network. A regular audit is very important to ensure that all software is up to date.

  • Backup

It is advisable to always have a backup of your crucial data, either on a secure cloud platform or in a physical location that is beyond the reach of any external connection.
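The "Scan Emails for executable files" step above, as an added example that is not part of the original article: a Python sketch that flags executable attachments by their leading bytes as well as by file extension, and also looks inside ZIP attachments. The extension block list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".msi"}  # assumed list
MAGIC = {b"MZ": "PE executable", b"\x7fELF": "ELF executable"}  # leading file bytes

def classify(name, head):
    """Return why a file looks executable (content first, then name), or None."""
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            return label + " content"
    ext = os.path.splitext(name.lower())[1]
    return "blocked extension " + ext if ext in BLOCKED_EXT else None

def scan_message(raw):
    """Return [(attachment, reason)] for each executable attachment in a raw email."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        reason = classify(name, data[:8])
        if reason:
            findings.append((name, reason))
        elif data.startswith(b"PK\x03\x04"):  # ZIP archive: inspect its members too
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        with zf.open(info) as member:  # read only the header bytes
                            inner = classify(info.filename, member.read(8))
                        if inner:
                            findings.append((name + "/" + info.filename, inner))
            except (zipfile.BadZipFile, RuntimeError):  # corrupt or password-protected
                findings.append((name, "unreadable archive"))
    return findings

def build_sample():
    """Constructed message: a real PDF header, a PE file named .pdf, a ZIP holding a script."""
    msg = EmailMessage()
    msg.set_content("Please see the attached files.")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application", subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ\x90\x00 sample", maintype="application", subtype="pdf", filename="invoice.pdf")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("update.js", "// sample")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="docs.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` flags `invoice.pdf` by its content even though its name and MIME type claim PDF, which is why checking the extension alone is not enough.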



In a blog post dated 3/08/2020, GlobalSign wrote about a ransomware attack on Telecom Argentina. Telecom Argentina was attacked by ransomware on 18/07/2020. The attack began in the company's call center and spread into the network. Hackers managed to encrypt 1800 workstations using stolen credentials.


The attackers demanded a ransom of nearly $7.5 million from the company, to be paid in Monero, and threatened to raise the ransom to $15 million if they were not paid within three days.


For more information check the following links:

https://www.kaspersky.com/enterprise-security/wiki-section/products/ransomware-protection

https://www.kaspersky.com/resource-center/definitions/what-is-ransomware

https://www.cisa.gov/ransomware

https://www.globalsign.com/en/blog/ransomware-attackers-demand-millions-telecom-argentina

