Malware and Ransomware

November 03, 2020

Harman Singh, a managing consultant at cybersecurity firm Cyphere Ltd., has a post on Cyber Security Intelligence dealing with these threats.

To distinguish between the two, malware is more powerful. It can damage industries and disrupt online environments through hacking and leaking sensitive information. Ransomware aims to take control of computers and lock software until a ransom is paid.

Paying ransom is controversial. If you are targeted, consult legal counsel, security experts and your cyber insurer before paying. If you pay, you may not get your data back; your system may still be infected; and you could be a future target. Ransom payments will most likely fund illegal activities. Although cyber insurance covers ransomware (possibly subject to conditions), it should not be an excuse to relax security.

Cyphere offers ways to combat malware and ransomware:

  1. Prevent delivery by filtering email and blocking suspicious websites. Secure remote access.
  2. Prevent infection by hardening your computer system, installing patches promptly and disabling or limiting potentially harmful scripts.
  3. Limit impact by limiting privileges, reviewing them regularly, creating separate accounts for sensitive data and segregating obsolete systems.
  4. Educate staff and service providers to defend against phishing, practice strong authentication, secure all devices and report incidents.
  5. Back up critical data and store it offline and offsite.

When (not if) you're attacked, follow these steps:

  1. Disconnect infected systems.
  2. Reset credentials.
  3. Securely wipe infected devices; get professional help if needed.
  4. Double-check systems before restoring from backup.
  5. Reconnect devices to the network and install updated software.
  6. Install antivirus and scan periodically.
  7. Monitor network traffic for similar behavior.