Can crypto viruses attack Macs?

This is how you limit the impact of a ransomware attack on your organization's data

Among all the malicious threats in circulation, ransomware can drive any PC user to despair. Having originally targeted individual PC users, ransomware now goes after much larger targets, with government agencies, hospitals and corporations often falling victim. If organizations want to avoid ransomware infection, they must ensure that malicious code does not enter their networks. It is just as important, however, to know how to limit the damage as far as the situation allows once an attack has succeeded. So how should companies respond to an existing ransomware infection?

Where should I look?

To spread malware, cyber criminals examine targeted PCs looking for vulnerabilities in order to exploit them. Three vectors of infection are typically used in ransomware attacks - malicious emails or malvertising, drive-by downloads or remote access. If your organization has just fallen victim to such an attack, chances are it came from one of these three routes and each of them should be carefully investigated.

Note! Regardless of how a ransomware attack crept into your company's network, you should always find out where it started: whether it began on one or more networked PCs, and whether it has already moved laterally. If it has, the cryptovirus may already have spread over a significant part of the network. You need to:

  1. Disconnect infected computers from the network and turn off all network adapters.
  2. Replace the infected hard drives with new ones to ensure a clean operating system installation.
  3. Do a thorough network scan to fix any vulnerabilities.
  4. Apply the necessary operating system and software patches and apply a multi-layered security policy to provide better protection against future attacks.

The spam effect

Spreading ransomware by embedding the code in email attachments is just as widespread as ever. So, unless your company has a robust filtering system in place that blocks suspicious attachments, it can be very vulnerable to ransomware infection. The same goes for browsing the web, as the lack of an appropriate filter can lead employees to potentially dangerous, malware-ridden websites. Implement a system of email filters and proxy blockers to reduce the risk of infection in this way.

Drive-by infections

To set up a drive-by attack, the malware actors inject malicious code directly into a website. All that a successful attack then requires is an untrained employee using an outdated web browser. Such a browser most likely harbors an unpatched vulnerability, and the malware will take advantage of it. For this reason, regularly patching the browser is the key to safe surfing.

RDP-oriented ransomware

Cases of ransomware attacking PCs running Microsoft's Remote Desktop Protocol service have recently become more common. The infamous CMB Dharma ransomware has for months plagued PC users with an open 3389 port, exploiting this vulnerability alone. Compared with spam-based distribution, RDP-specific infections are much easier to carry out. They rely on a brute force attack against the server's credentials. If successful, the actor behind the attack is given administrative rights, including the right to disable endpoint protection before ransomware is smuggled through the RDP vulnerability. The number of PCs running Microsoft RDP is between 2 and 3 million a day. All of them are potential targets of a ransomware attack if not adequately protected. To protect against this, employees must use a virtual private network (VPN) and two-factor authentication (2FA) when they need remote access to the organization's computer network.
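The brute-force pattern described above can be spotted in logon records before ransomware is deployed. The following is an added example, not part of the original article: it flags sources with repeated failed remote logons (Windows Security event 4625) and any successful logon (4624) that follows such a burst. The CSV layout, sample events, threshold and window are constructed assumptions, and events are assumed to be in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical CSV export of Windows Security events.
# Columns: timestamp,event_id,logon_type,source_ip,account
SAMPLE_EVENTS = """\
2024-01-01T09:00:00,4625,3,192.0.2.50,jsmith
2024-01-01T09:10:00,4625,3,192.0.2.50,jsmith
2024-01-01T09:20:00,4625,3,192.0.2.50,jsmith
2024-01-01T09:30:00,4625,3,192.0.2.50,jsmith
2024-01-01T09:40:00,4625,3,192.0.2.50,jsmith
2024-01-01T10:00:00,4625,3,203.0.113.7,administrator
2024-01-01T10:00:10,4625,3,203.0.113.7,admin
2024-01-01T10:00:20,4625,3,203.0.113.7,administrator
2024-01-01T10:00:30,4625,3,203.0.113.7,backup
2024-01-01T10:00:40,4625,3,203.0.113.7,administrator
2024-01-01T10:00:45,4625,10,198.51.100.20,mlee
2024-01-01T10:00:50,4624,10,198.51.100.20,mlee
2024-01-01T10:01:00,4624,10,203.0.113.7,administrator
"""

WINDOW = timedelta(minutes=5)     # assumed sliding window
THRESHOLD = 5                     # assumed failures per source within WINDOW
REMOTE_LOGON_TYPES = {"3", "10"}  # 3 = network (RDP with NLA), 10 = RemoteInteractive

def detect_rdp_bruteforce(text, window=WINDOW, threshold=THRESHOLD):
    """Return (alert, source_ip, account) tuples for time-ordered events."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    flagged, alerts = set(), []
    for line in text.strip().splitlines():
        ts, event_id, logon_type, src, account = line.strip().split(",")
        if logon_type not in REMOTE_LOGON_TYPES:
            continue  # ignore console, service and other local logons
        when = datetime.fromisoformat(ts)
        recent = failures[src]
        while recent and when - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the window
        if event_id == "4625":
            recent.append(when)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("bruteforce", src, account))
        elif event_id == "4624" and len(recent) >= threshold:
            # A logon right after a failure burst suggests a guessed password.
            alerts.append(("success_after_bruteforce", src, account))
    return alerts
```

On the sample, only 203.0.113.7 is flagged: the slow failures from 192.0.2.50 never accumulate inside the window, and the single mistyped password from 198.51.100.20 stays below the threshold.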
