What is ransomware?
Ransomware is a type of malware that encrypts documents and makes them inaccessible. Ransomware attackers attempt to make their victims pay the ransom using specific payment methods. After that, they may grant access to their data. The following distribution methods are used by attackers to extort victims organizations:
- Phishing – Emails to employees disguised in work-related correspondence.
- Exploiting Vulnerability: Exploiting vulnerability software that runs on public-facing servers.
- Secondary infected: Using pre-existing botnets to gain access to the victim’s network.
- Services that are not adequately secured: Attacking companies through RDP services that aren’t properly secured, using weak credentials or leaked credentials.
Symantec Endpoint Protection protects against ransomware
Symantec Endpoint Protection has many features that protect against ransomware. Most of these features are available by default. See: Symantec Endpoint Protection provides Ransomware Protection Symantec Endpoint Protection protects against ransomware
Ransomware prevention tips
|1. Protect your local environment||
|2. 2. Protect your email system||
|3. Backups are essential||Back up the files on clients and servers regularly. You can either back up files offline, or you can use a system that servers and computers on the network cannot access. You can also copy important files to removable media if you don’t have backup software. Next, remove and unplug removable media. Do not leave removable media plugged in.
Secure mapped network drives with a password and access restrictions to lock them down. If you don’t need write access, use read-only access to files on network drives. Limiting the user rights limits the files that can be encrypted by threats.
What can you do if ransomware is sent to you?
Ransomware removal tools are not available. Ransomware encryption is not possible to decrypt. If your clients’ computers are infected by ransomware, and your data is encrypted as a result, these are the steps to take:
- Don’t pay the ransom.You must pay the ransom
- Before ransomware attacks network drives, it is important to isolate the infected computer.
- Symantec Endpoint Protection Manager (or SES) can be used to update virus definitions and scan client computers. The ransomware can be detected and fixed by new definitions. Symantec Endpoint Protection Manager or SES automatically downloads the virus definitions to clients as long as they are connected to the management server.
- Click Clients in Symantec Endpoint Security Manager. Right-click the group and click the Run command on it > Update Content and Scanning.
- Run the Symantec Endpoint Security Scan Now command. Running commands for client devices
- Reinstall with a clean installationYou can restore encrypted files from a backup to get your data back, but it is possible that malware was also installed during the attack.
- Send the malware to Symantec Security Response.Symantec Security Response can be contacted if you can identify the executable or malicious email. These samples allow Symantec Security Response to identify ransomware and create new signatures. Check out:Symantec Insider Tip – Successful Submissions