Ransomware preparedness and recovery guide

Ransomware has proven to be phenomenally effective at producing a
fortune in ransom payments for its nefarious authors. It’s been estimated
that cybercrime cost the global economy $445 billion in 2016—and
ransomware was the primary driver. The astonishing “success” of
ransomware makes one thing certain: It’s only a matter of time before the
next form of malicious ransomware strikes. There are steps you can take to prevent an attack, and a few ways to get your data back if your systems
become infected. The first step is knowing what ransomware is and how it
extracts payments from victims.

Ransomware overview
Ransomware is a type of malware that prevents users from accessing their
data until they pay a ransom. Most ransomware infections are triggered when a
user clicks a link in an email or opens an attachment. When combined with
phishing techniques, these emails may seem like normal correspondence
from a business partner.

Recent forms of ransomware
Ransomware in its various forms has been around since 1989, and it shows
no signs of slowing down. The problem has gotten worse in recent years due
to the popularity of mobile devices and anonymous payment methods, like
Bitcoin, which make it easier for cybercriminals to cover their tracks and
evade law enforcement.

How to prepare for a ransomware attack
It’s important to warn employees about clicking on suspicious attachments,
but they may fail to adhere to the policy or simply be fooled by a well-targeted
phishing attack. Additionally, while firewall protection and security
software are crucial components in a ransomware-prevention strategy, they
won’t guarantee protection. When prevention methods fail, the best way to
regain access to your data is by having a backup plan in place.

Since the latest version of your files may be affected by the virus, a backup
solution with a versioning feature is necessary. It allows you to roll back to a
specific date before your systems were infected. Although ransomware will
eventually make itself known to you, it can spend hours or days spreading
and encrypting your files before it displays the ransom message.
On shared drives this is a serious problem: not only do your existing files
become unusable, but creating new ones results in more infected files.

The only way to get things back to normal is to roll back to a complete, clean set of files that was backed up before the initial infection took place. This is where the frequency of your backups becomes a key component of your recovery strategy. The more frequently you back up, the more recent your recovery point can be. Having automatic, continuous backups also ensures data protection with minimal human intervention. Depending on the nature of your business, it may be worthwhile to run more frequent,
continuous backups.

An added benefit of using a backup plan as part of a prevention strategy
is that it also protects you from other common causes of data loss, such as
server or disk failure, natural disasters, and human error. While any data recovery effort costs time and resources, paying a ransom might be an even bigger risk since it doesn’t necessarily guarantee you’ll get your data back. You’re essentially counting on the trustworthiness of thieves to give you the encryption key after they’ve taken your money. With a complete backup of your data that includes an earlier version of your system
before it became infected, you stand a very good chance of recovering most
of your data without ever having to pay a ransom.

If you have a comprehensive malware-prevention strategy in place and
a backup plan is part of it, here are the five steps you should take if your
systems become infected:

  1. As soon as you’re aware of an attack on your computer, file server or
    network, immediately shut down all file sharing activity.
  2. Use your antivirus software to determine where the infection happened. If
    you can’t determine where the infection originated using antivirus software,
    right click on an infected file to find out the last user or computer to make
    changes to the file. This will tell you where the infection originated.
  3. Assess the extent of the infection and the damage.
  4. Remove the virus by deleting all infected files.
  5. Use your backup application or dashboard tool to recover clean versions of the
    infected files.

At Carbonite, we’ve had thousands of customers tell us they were able to
recover successfully after a ransomware attack without having to pay a
ransom. Most were able to restore all their data, sometimes in just a half-hour.
Learn more about Carbonite backup and disaster recovery
solutions today.
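The rollback logic behind steps 2, 3 and 5 can be sketched in a few lines. This is an added example, not code from Carbonite or any backup product. The file paths, host names, timestamps, the "infected" flag (assumed to come from your antivirus scan) and the one-hour safety margin are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed inventory: (path, last_modified, modified_by_host, flagged_infected)
FILES = [
    ("share/budget.xlsx",   "2024-03-04T09:12", "WS-017", True),
    ("share/plan.docx",     "2024-03-04T08:47", "WS-017", True),
    ("share/notes.txt",     "2024-03-03T16:20", "WS-004", False),
    ("share/new-memo.docx", "2024-03-04T10:05", "WS-022", True),  # created after infection
]
# Constructed backup catalogue: path -> timestamps of retained versions
VERSIONS = {
    "share/budget.xlsx": ["2024-03-02T23:00", "2024-03-03T23:00", "2024-03-04T09:30"],
    "share/plan.docx":   ["2024-03-03T23:00", "2024-03-04T09:30"],
    "share/notes.txt":   ["2024-03-03T23:00"],
}

def ts(text):
    return datetime.fromisoformat(text)

def infection_origin(files):
    """Step 2: earliest change to an infected file, as (time, host)."""
    infected = [(ts(mtime), host) for _, mtime, host, bad in files if bad]
    return min(infected) if infected else None

def recovery_plan(files, versions, margin=timedelta(hours=1)):
    """Steps 3 and 5: for each infected file, pick the newest backup version
    taken before the first infection (minus a safety margin). Versions taken
    later may already contain encrypted data and are skipped."""
    origin = infection_origin(files)
    if origin is None:
        return None, {}
    cutoff = origin[0] - margin
    plan = {}
    for path, _, _, bad in files:
        if not bad:
            continue
        clean = [v for v in versions.get(path, []) if ts(v) < cutoff]
        plan[path] = max(clean, key=ts) if clean else None  # None: nothing to restore
    return origin, plan

if __name__ == "__main__":
    origin, plan = recovery_plan(FILES, VERSIONS)
    print("first infected change:", origin[0], "on", origin[1])
    for path, version in plan.items():
        print(path, "->", version or "no clean version available")
```

The 09:30 versions in the sample catalogue were backed up after the first infected change, which is why a backup without versioning would leave only encrypted copies to restore.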



What is the AWS Partner Network?

The AWS Partner Network (APN) is the global community of Partners who leverage Amazon Web Services to build solutions and services for customers. AWS helps Partners build, market, and sell their AWS offerings by providing valuable business, technical, and marketing support.

There are tens of thousands of AWS Partners across the globe. More than 90% of Fortune 100 companies and the majority of Fortune 500 companies use AWS Partner solutions and services. AWS Partners are uniquely positioned to help businesses take full advantage of all that AWS has to offer and accelerate the journey to the cloud.


ESET PROTECT is a cloud console, offered as a service, that ensures real-time visibility for on-premise and off-premise endpoints as well as full reporting and security management for all OSes. It is a single pane of glass over all ESET security solutions deployed in the network. It controls endpoint prevention, detection & response layers across all platforms—covering desktops, servers, virtual machines and even managed mobile devices.


ESET has been in the security industry for over 30 years, and we continue to evolve our technology to stay one step ahead of the newest threats. This has led us to be trusted by over 110 million users worldwide. Our technology is constantly scrutinized and validated
by third-party testers who show how effective our approach is at stopping the latest threats.


Leave the updating of the console up to us. We’ll do it in the background, and you’ll always be on the latest version with the latest components. That way your organization will benefit from the latest features, and the admins can enjoy the most recent user experience improvements straight from our roadmap.


All ESET endpoint products can be managed from a single ESET PROTECT console. This includes workstations, mobiles, servers, and virtual machines and the following OSes: Windows, macOS, Linux, and Android.


Analyst recognition

ESET was named the only Challenger in 2019 Gartner Magic Quadrant for Endpoint Protection Platforms, for the second year running. ESET was rated a Strong Performer in the Forrester Wave(TM): Endpoint Security Suites, Q3 2019. ESET was rated ‘Top Player’ in the 2019 Radicati Endpoint Security report according to two main criteria: functionality and strategic vision. ESET is compliant with ISO/IEC 27001:2013, an internationally recognized and applicable security standard in implementing and managing information security. The certification is granted by the third-party accredited certification body SGS and demonstrates ESET’s full compliance with industry-leading best practices.

Malwarebytes Katana Engine

Announcing Malwarebytes 4.0: smarter, faster, and lighter!

The all-new detection engine finds more threats, in less time, with less performance impact than ever before. It also tells you more about threats it finds, like their type and behavior, so you can make smarter security decisions. For example, instead of seeing a generic threat name like “Malware123,” you’ll see a name like “Spyware.PasswordStealer,” along with a link to information about that specific threat.

What’s new

Malwarebytes 4.0 introduces Katana, our brand-new detection engine that uses patented, dynamic methods to recognize zero-hour, often polymorphic malware even before it’s released in the wild. These same methods have been optimized with a faster threat definition process, so they’re not only smarter and more accurate but also produce faster scans while taking up less CPU.

“Polymorphic threats have changed the game in cybersecurity. By the time traditional antivirus creates a signature for these threats, it can be too late. Cybersecurity providers need to stay ahead of the game by recognizing potential threats before they can cause damage,” said Akshay Bhargava, Chief Product Officer at Malwarebytes.

“Malwarebytes 4.0 is designed to block these evolving threats in record time using innovative detection technology. Our new intuitive user interface helps customers more easily engage with their cybersecurity. Furthermore, the new engine is optimized and requires 50 percent less of the CPU while scanning.”

What’s improved

Our first step in taking malware defense to the next level was making important improvements to our existing Malwarebytes for Windows technologies. They include:

  • Improved zero-hour detection that pinpoints new threats as they arise
  • Upgraded behavioral detection capabilities that catch more diverse threats—even those that use signature evasion
  • Improved overall performance and scan speed
  • Redesigned User Interface (UI) for easier, more intuitive functionality
  • Simplified Windows Security Center integration settings
  • Enhanced web protection technology