www.netfort.com 5 Tips For Preventing Ransomware on Your Network
Jan 14, 2015
• NetFort has witnessed an increase in variants of ransomware viruses recently.
• The fraudulent activity works by taking over your computer and blackmailing you for cash.
• The criminals behind these viruses typically request between $300 and $600 for an encryption key.
• A survey by researchers at the University of Kent found that 41% of UK respondents who were Cryptolocker victims claimed to have agreed to pay the ransom.
Ransomware Overview
• The big worry for most IT managers is that ransomware viruses can encrypt not only local files but also data hosted on network shares. This has many managers frantically checking their backup procedures in case the virus gets onto their network.
HowDecrypt Virus
• One of the most recent ransomware viruses to appear is called HowDecrypt.
• Typically the virus arrives via email and installs when links within the email are clicked. Once active, the virus seeks out user files and encrypts them. Once the encryption process is complete, the virus creates a text file and an image file which contain information on how to get the data decrypted.
• Watch the one minute video on the next slide to discover how you can detect HowDecrypt activity on your network.
Keep Ransomware off Your Network
Tip 1
• Make sure your end users are educated on the risks of clicking on links contained within any email.
Tip 2
• Ensure you have up-to-date antivirus and operating system patches on all network-connected devices.
Tip 3
• Find out what is happening on your network through the use of traffic analysis and forensics tools.
Tip 4
• Make sure you understand what is going in and out of your network perimeter. Remember that all sorts of applications could be using TCP port 80.
Tip 5
• Keep up to speed with what is happening in the world of IT security. Subscribe to security-themed RSS feeds or follow a few of the influential security professionals on Twitter.
Conclusion
You should conduct a review of your network as soon as possible. Make sure your backup jobs are completing so that you have an option to restore files in case they do get encrypted.
Check for activity associated with 62.76.176.78 which we have found to be associated with ransomware activity. You can use LANGuardian to do this by simply entering the IP address into the forensics search panel.
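If you only have exported flow or firewall records to hand, the same check can be scripted. The following is an added example, not NetFort or LANGuardian code: it searches flow records for the IP address above in either direction and on any port, and summarises which local hosts were involved. The CSV layout, the 10.0.0.x hosts and the function name are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address

# Indicator taken from the slide above.
INDICATOR = ip_address("62.76.176.78")

# Constructed sample flow records: timestamp, src, dst, dst_port, bytes.
# The layout and the 10.0.0.x hosts are assumptions for illustration.
SAMPLE_FLOWS = """\
2015-01-14T09:01:12,10.0.0.21,93.184.216.34,80,5120
2015-01-14T09:02:40,10.0.0.21,62.76.176.78,80,1840
2015-01-14T09:02:41,62.76.176.78,10.0.0.21,49733,22310
2015-01-14T09:15:03,10.0.0.57,62.76.176.78,443,960
2015-01-14T09:20:00,10.0.0.8,10.0.0.5,445,88000
not,a,valid,row
"""

def hosts_contacting(indicator, flow_csv):
    """Return {local_host: summary} for every flow where either end is the indicator."""
    hits = defaultdict(lambda: {"flows": 0, "bytes": 0, "ports": set(),
                                "first": None, "last": None})
    for row in csv.reader(io.StringIO(flow_csv)):
        try:
            ts, src, dst, port, size = row
            src, dst = ip_address(src), ip_address(dst)
            port, size = int(port), int(size)
        except ValueError:
            continue  # skip malformed records rather than abort the search
        if indicator not in (src, dst):
            continue
        outbound = dst == indicator
        host = str(src if outbound else dst)  # the peer that is not the indicator
        h = hits[host]
        h["flows"] += 1
        h["bytes"] += size
        if outbound:
            h["ports"].add(port)  # port used on the indicator; not limited to 80
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
    return dict(hits)

if __name__ == "__main__":
    for host, h in sorted(hosts_contacting(INDICATOR, SAMPLE_FLOWS).items()):
        print(host, h["flows"], h["bytes"], sorted(h["ports"]), h["first"], h["last"])
```

Any host that appears in the result is a candidate for isolation and a check of the network shares it had mapped.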