Ransomware data for ransom

What is Ransomeware?

Ramsomware are targeted "blackmail Trojans" that claim to have encrypted all the victim's data or blocked access to it.

The victims are offered to buy your data free again against payment! Our tip: Do that NOT do !!! Do not get on it, and come to us. Quite simply justified: On the one hand, the front payments are never in relation to what the data is worth. Secondly, you can read our tips below, what you can do in advance, and what options we have to restore your data!

Process of the criminals - Damage potential - Measures

Ransomware is currently distributed mainly via emails. 
These emails have fake senders and contain file attachments through which the ransomware is lulled in. You are usually lured as a delivery bill, invoice or with an "interesting" content. When you open these attachments, you are usually redirected to a web server, and from there the ransomware is installed. 

If you access your data later in the process, a password is usually required to regain access to your data.
Bitcoin is often required as a means of payment because the payment flow is disguised. 


Unfortunately, this attack method has very high damage potential.

In addition to the immediate costs of data recovery, it can unfortunately not be ensured that your data is clean afterwards!
This means that your data will not be encrypted again! 
Furthermore, it is not guaranteed whether the potential attacker is interested in your customer and supplier, warehouse or financial data.


The principle applies:
You are never completely safe from an attack by viruses or Trojans.

 

 


Measures in advance:

  • Make ALL employees aware to be careful when dealing with unknown or unsolicited emails. Since ransomware can also access connected network drives, it only takes one careless employee to infect the entire company network. If in doubt, contact the sender by an alternative means of communication (e.g. by phone, but never reply to the mail directly).
  • Make sure that your IT systems always have the latest versions and patches installed.
  • Constantly update your firewall and antivirus software and use all modules of these systems.
  • Minimize the risk of infection by assigning user rights selectively. Each user should only have the rights that he actually needs for his work.
  • There are a number of technical ways to prevent programs from running independently on your systems. Use these options in accordance with your operational requirements. If you do not want to do this yourself, consult an expert in advance.
  • Regularly create data backups that are stored on external data carriers and are not accessible via the Internet. It is advisable to back up in several versions here (e.g. daily, weekly, monthly, annually), as some ransomware versions only become active with a time delay of a few days or weeks.

Measures in case of occasion:

  • Even if it is unpleasant: React immediately to information about "peculiar" access problems in your company and disconnect the affected computers from the network, if necessary also by disconnecting the network cable and deactivating the WLAN adapter.
  • If companies have been victims of ransomware or other cyberattacks, they can get 24/7 initial help from the Cybersecurity Hotline at 0800 888 133.
  • Next, contact us immediately!
  • We can determine which connected systems have already been infected and need to be taken offline.
  • Do not start reinstalling the affected systems until the damage analysis has been fully completed.
  • In some cases, it is possible to restore the data after cleaning and reinstalling your systems. However, it is safer to fall back on an existing - uninfected - data backup.
  • File a complaint with the police.

Our tips for correct procedure!

1.) Do not pay to the criminals in any case!

2.) Contact the Sybersecurity Hotline!

3.) Be sure to report the incident to the nearest police inspection.

4.) Contact us immediately. We will analyze your initial situation and try to restore your data together with our partner!