
Preventing and recovering from ransomware attacks

Of all the different types of attack that your IT systems and servers can be subjected to, ransomware attacks are among the most severe. So it’s not surprising that many businesses cite ransomware attacks as the one IT (or cybersecurity) breach they fear the most.

As always, prevention is the best method of defense. The following is some general guidance you can follow to prevent it from happening to you, and on what to do if you are a victim of it.

What is ransomware?

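Ransomware is a type of malware that uses encryption. It uses a pair of keys to encrypt and decrypt files. The keys are uniquely generated by the attacker for the victim, with the private key to decrypt the files stored on the attacker’s server.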

The attacker makes the private key available to the victim only after a ransom is paid, although, as recent attacks have shown, this is not always the case. Without the key, it is nearly impossible to decrypt the files that are being held for ransom.

Preparation

Preparation for a ransomware attack can be integral for the prevention of such events and minimising the damage if/when an attack succeeds. 

Educating staff on how ransomware works and how best to avoid it is an essential first step. Using this knowledge to formulate an action plan in the case of a ransomware attack, including what procedures to follow and who to contact, is also a good idea. For example, you may want to notify some or all of your customers if they are likely to be affected.

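Implementing some basic security and filtering systems, such as email filtering and firewalls, is one of the best ways to ensure your data is protected, especially if your servers or services are open to the public. You can take more advanced steps (for example, closing certain ‘ports’ on your server) but the basic steps are a good start. Almost all ransomware infections start via someone unwittingly opening a document or link from an unknown source, so make sure your IT policy contains guidance on this aspect - i.e. do not open/click suspicious links!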

Regularly creating multiple backups of all your data is an absolute must in this day and age and gives you a fighting chance of recovery if the worst should happen.  Storing these backups in multiple locations is essential for safeguarding them as attackers will typically try to ‘infect’ any backups that can be found.  

If you’re storing backups on external devices such as USB or external hard drives make sure to never leave them permanently connected to your network as this provides a route for attackers to ‘infect’ these devices and encrypt the data stored there.

Before storing backups on any device, you should conduct a scan to ensure the device is clean and safe to use.

Act quickly!

If you discover that your network has been compromised with ransomware (or indeed any malware) it is important to act immediately to limit the potential damage.

Speed is key so having communication paths in place is the best way to inform everyone who needs to know what is going on and what they need to do. 

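Your IT team (if you have one) should operate from a ‘ransomware playbook’, carrying out predefined steps. This will vary from organisation to organisation but, at a minimum, the playbook should include the following steps: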

 

  • Severing all connections with infected devices from all network connections as soon as they’re located.  

 

  • Determining the source of the infection (sometimes referred to as the ‘patient zero’) and locking down this area has been shown to prevent further infection of files. This can usually be determined by looking at the open files on the encrypted shares; if you see one user with hundreds of files open, they are most likely the source of the infection.

 

  • Speaking to all the users on your system to find out whether they have recently clicked on any links/websites that may have contained the malware is good practice. If the source has been found, reporting this to all the authorities involved can help tackle this crime and prevent future businesses falling victim to it.

 

  • Verify that each device is clear of malware before reconnecting it; once reconnected, you can begin restoring your network.

 

  • Once all the devices have been cleared and any signs of the ‘infection’ have gone you can then begin the restoration process.

 

  • Infected devices should be wiped clean using appropriate tools before re-attaching to the network.

 

  • Resetting all passwords and account details is also recommended as one of these may have been compromised.

 

  • Ensure any antivirus software is up to date and running to pick up on any malware that may have been missed.

 

  • If you receive a demand from the attacker, agreeing to the demands should be an absolute last resort, as there is no guarantee that you will be given access back and paying leaves you as a target for future attacks.
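
The ‘patient zero’ check from the playbook above can be scripted. The following is an added example, not part of the original post: it counts the distinct files each user has open in an exported open-files listing and reports the accounts with an unusually high count, along with the client machines to disconnect. The CSV column names (user, client, path), the sample data and the threshold of 100 are assumptions made for this example.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: one row per open file handle on a file share.
# The column names are assumptions; map them to whatever your file
# server's open-files listing actually exports.
def build_sample():
    rows = ["user,client,path"]
    rows += [f"alice,10.0.0.11,\\\\fs01\\finance\\q{i}.xlsx" for i in range(1, 4)]
    rows += [f"bob,10.0.0.12,\\\\fs01\\hr\\policy{i}.docx" for i in range(1, 3)]
    # One account holding hundreds of files open across several shares.
    rows += [f"carol,10.0.0.23,\\\\fs01\\{share}\\doc{i}.docx"
             for share in ("finance", "hr", "projects") for i in range(120)]
    # A second handle on a file alice already has open (must not count twice).
    rows.append("alice,10.0.0.11,\\\\fs01\\finance\\q1.xlsx")
    return "\n".join(rows)

def suspects(listing, threshold=100):
    """Return users with more than `threshold` distinct open files, busiest first."""
    files, clients, shares = defaultdict(set), defaultdict(set), defaultdict(set)
    for row in csv.DictReader(io.StringIO(listing)):
        user = (row.get("user") or "").strip().lower()
        path = (row.get("path") or "").strip().lower()
        if not user or not path:
            continue  # skip incomplete rows rather than guessing
        files[user].add(path)
        clients[user].add((row.get("client") or "").strip())
        parts = path.strip("\\").split("\\")  # \\server\share\file
        if len(parts) > 1:
            shares[user].add(parts[1])
    flagged = [
        {"user": u, "open_files": len(p),
         "clients": sorted(clients[u]), "shares": sorted(shares[u])}
        for u, p in files.items() if len(p) > threshold
    ]
    return sorted(flagged, key=lambda r: r["open_files"], reverse=True)

if __name__ == "__main__":
    for hit in suspects(build_sample()):
        print(f"{hit['user']}: {hit['open_files']} files open from "
              f"{', '.join(hit['clients'])} on shares {', '.join(hit['shares'])}")
```

The client addresses in the output are the devices to sever from the network first; a high count alone is a lead to investigate, not proof of infection.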

We hope the above information is useful and hope that you do not have to use any of it (apart from the preparation aspects).

At Datacentreplus, security is one of our top priorities, which is why we offer 24/7 technical support along with data backup solutions.

We have a committed team of specialists that would be happy to assess your business needs and find the best solution for you. Please don’t hesitate to call us now on 0161 464 6101 and we will be more than happy to help.
