Hello, I'm security defender PR.
Corporate administrators focus on how corporate IT assets and internal employees can prevent and recover from ransomware damage.
There are many ransomware-specific solutions on the market, but ransomware is not something that can be solved by a specific product alone.
Where are important files kept? Is the network configuration vulnerable to ransomware?
Are the staff trained? And so forth.
I think there are three best ways to deal with ransomware.
You need a realistic approach that links ransomware defense solutions + backup + administrative actions.
1. Ransomware defense solutions include malware prevention solutions, PC virtualization, and ransomware-specific vaccines.
Users have reached the limit of their ability to tell sophisticated malicious mail apart from legitimate mail.
What if, during busy business hours, you receive natural and fluent impersonation mails rather than ones in awkward or machine-translated Korean: mails impersonating resumes, public institutions, copyright violation notices, or requests for estimates? Preventive education that asks users to pay attention is not enough.
Mail should be filtered first by a malicious mail blocking solution that determines whether the files attached to the mail are malicious, and only verified mail should be forwarded to users.
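The filter-then-forward step described above, as an added example that is not from the original post or from any product: a name-based attachment gate built on Python's standard `email` module. The extension lists, function names and sample mails are assumptions constructed for illustration; a real blocking solution also inspects the file content.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed policy lists (not from the original post); tune them to your environment.
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".lnk", ".iso", ".hta", ".bat"}
MACRO_EXT = {".docm", ".xlsm", ".pptm"}
DOC_EXT = {".pdf", ".doc", ".docx", ".hwp", ".xls", ".xlsx", ".txt", ".jpg"}

def attachment_findings(filename):
    """Return the reasons a single attachment name should be held."""
    exts = ["." + p for p in filename.lower().strip(" .").split(".")[1:]]
    reasons = []
    if exts and exts[-1] in BLOCKED_EXT:
        reasons.append("executable type " + exts[-1])
    if exts and exts[-1] in MACRO_EXT:
        reasons.append("macro-enabled document " + exts[-1])
    # "resume.pdf.exe": a document extension placed in front of the real one.
    if len(exts) >= 2 and exts[-2] in DOC_EXT and exts[-1] in BLOCKED_EXT:
        reasons.append("double extension")
    return reasons

def triage(raw_bytes):
    """Parse one message; return ('forward' or 'quarantine', reasons)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name:
            reasons.append("attachment without a file name")
        for r in attachment_findings(name):
            reasons.append(f"{name}: {r}")
    return ("quarantine" if reasons else "forward"), reasons

def build_sample(subject, filename, payload=b"constructed sample bytes"):
    """Build a constructed test mail; the payload is harmless filler."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "hr@example.test", "staff@example.test", subject
    m.set_content("Please see the attached file.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fn in [("Resume", "resume.pdf.exe"), ("Estimate request", "estimate.xlsm"), ("Minutes", "minutes.pdf")]:
        print(subj, triage(build_sample(subj, fn)))
```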
Next is PC virtualization.
Configure virtual PCs using VDI or VMware so that the Internet and external mail are used only in a virtualized PC environment, and archive important files in separate locations through document centralization or backup.
Once a suspected ransomware file is identified on a virtualized PC, the virtual PC can be deleted and reinstalled with a few clicks to create a new environment.
In addition, a vaccine dedicated to enterprise ransomware detects and blocks ransomware through real-time scanning.
Enterprise anti-ransomware solutions include the ability to automatically stop malicious files from running and to recover backed-up files when they become infected with ransomware.
It is also better to manage, through PMS, whether the ransomware-only vaccine is always updated to the latest version.
2. Using backup solutions + snapshots together is the best combination, because they complement each other.
Backup here means backup + tape.
Backup is a prerequisite.
Backups must be performed to prevent the loss of data that can occur in any situation, not only with ransomware.
However, if your backups rely on a Windows-based backup solution or are stored on NTFS, you are not free from ransomware.
That's why you need a backup solution + tape with ransomware protection.
Disks assigned to the OS can be accessed and written to through the file system (NTFS), so you need tape instead of the file system.
Backup solutions differ in their capabilities, so you should use one that provides real-time ransomware detection and recovery.
[Ransomware Real-Time Detection/Recovery Features]
When a process suspected of a ransomware infection appears, it is detected immediately and the user is alerted with a "warning" message; the user/administrator can click directly in the warning window to decide whether it is a ransomware infection. Later, when the administrator clicks Restore, the files that the process attempted to change are restored from temporary storage or backup copies, and a Whitelist/Blacklist feature is available for management. Self-defense prevents unknown programs from changing Acronis' files or settings.
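The detect, warn and restore flow described above, as an added example that is not Acronis' or any other vendor's code. The entropy heuristic, both thresholds, the `WriteGuard` class and the process and file names are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

ENTROPY_LIMIT = 7.0   # bits per byte; assumed threshold (encrypted data is close to 8)
FILE_LIMIT = 3        # assumed: suspicious rewrites by one process before a warning

def entropy(data):
    """Shannon entropy of a byte string in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class WriteGuard:
    """Keeps a pre-change copy of suspiciously rewritten files, per process."""
    def __init__(self, files, whitelist=()):
        self.files = dict(files)             # path -> current content
        self.temp = {}                       # path -> content before the suspicious write
        self.suspicious = defaultdict(set)   # process -> paths it rewrote
        self.whitelist = set(whitelist)

    def on_write(self, process, path, new_data):
        """Record one write; return a warning string once a process crosses the limit."""
        old = self.files.get(path, b"")
        self.files[path] = new_data
        if process in self.whitelist:
            return None
        if entropy(new_data) >= ENTROPY_LIMIT and entropy(old) < ENTROPY_LIMIT:
            self.temp.setdefault(path, old)  # temporary storage used by restore()
            self.suspicious[process].add(path)
        if len(self.suspicious[process]) >= FILE_LIMIT:
            return f"warning: {process} rewrote {len(self.suspicious[process])} files with high-entropy data"
        return None

    def restore(self, process):
        """Administrator clicked Restore: put back the files this process changed."""
        restored = sorted(self.suspicious.pop(process, ()))
        for path in restored:
            self.files[path] = self.temp[path]
        return restored

def demo():
    # Constructed sample data: plain text, and a uniform byte pattern standing in for ciphertext.
    docs = {f"doc{i}.txt": b"quarterly report text " * 40 for i in range(4)}
    guard = WriteGuard(docs, whitelist={"backup_agent.exe"})
    scrambled = bytes(range(256)) * 4
    alerts = [guard.on_write("unknown.exe", p, scrambled) for p in sorted(docs)[:3]]
    return guard, alerts
```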
[Snapshots]
Backup software copies and stores the files to be backed up according to the backup schedule, so there is an interval between backups.
A backup copies data from the source disk to other media, which requires storage capacity and time.
Snapshots, on the other hand, are a solution that copies a file system at a specific time (Point-In-Time Copy) and restores it to that point in time.
The disadvantage is that with hardware problems such as a damaged original disk, recovery is difficult and expensive.
3. Administrative measures
Employees should be informed of ransomware risk in advance through regular malicious mail response training.
We also need to check the methodology for what to do right away if we get infected with ransomware.
Periodic preventive activities that send mock malicious (spam) mail to internal employees are required to prevent ransomware in advance.
If a ransomware infection occurs, you have to decide whether to recover or give up your data.
To summarize today's post:
1. First, filter malicious mail with a malicious mail blocking solution.
2. Separate the work network from the PC that receives external mail through PC virtualization.
3. Install a ransomware-only vaccine on internal systems and employee PCs.
4. Perform backup + tape regularly.
5. Use a backup solution to make primary and secondary tape backups.
6. Reduce recovery time by utilizing snapshot OS backup (more than twice a day).
7. Store important files in cloud storage.
8. As an administrative measure, conduct regular malicious mail response training, and check and prepare the response methodology in advance.