One of the main cyber threats for business is ransomware, which you can protect yourself with using data encryption or backup programs, Rick W. Vanover, senior director of product strategies of the Veeam cloud backup and data management software company, told RIA Novosti.
The ransomware virus may look like an update to a well-known application or come through infected phishing emails with topics that are of potential interest to the recipient. Once on the device, the program encrypts all files and databases. Then, the attackers demand a ransom from the company in exchange for decryption keys or threaten to place confidential information on publicly available resources.
“My advice is to implement data encryption more widely in organizations. Real-time encryption can reduce the risk of exploit in the event of data leakage or threats of the encryption virus. In addition, companies usually don’t think about encrypting data stored on the company’s side, because they’re confident in the security of this environment. The transition to doing encryption more often is very similar to the transition to two-factor authentication: slowly and starting with the most critical data types, “Vanuver said.
If the ransomware virus has already penetrated the organization’s network, the expert recommends analyzing the underlying reasons why this happened. As a rule, if the threat of extortion has been realized, it is too late to correct anything. “When the attack has already been detected, the first step is to isolate the attacked systems. Start disconnecting the affected systems from the Internet and from the mains in order to identify the location of the threat,” he advises.
Rick W. Vanover added that in the event of an encryptor attack, companies should by no means follow the criminals. “Cybersecurity experts agree: victims of cyber criminals should never pay a ransom. One of the most correct steps is to contact the intrusion protection task force … Deploy extremely reliable backup storage, implement more stringent security measures across the entire infrastructure and ensure the safety of its critical elements, “he recommends.
He added that Russian companies do not differ from international ones in terms of neglecting backup: it is sometimes considered a resource-intensive process.
As a result, most organizations prefer not to encrypt all data. “Attackers act impassively. Their actions have neither discrimination, nor preferences regarding this or that industry. We are all at risk,” the expert also stressed.