
Ransomware: what to do in the event of infection and 6 programs to protect your data


By Axelle Drack

Published: 29 October 2024

Did you know that your company's data has never been so vulnerable? ANSSI reported as much: in 2020, it recorded a 255% increase in ransomware attacks. With figures like that, a little panic is understandable!

Attacks by your worst enemies, cybercriminals, are increasing day by day. It's all the more worrying when you consider how easily this malware can infect your entire system, sometimes simply through an email attachment (yes, that simple).

You're probably asking yourself a lot of questions: how does ransomware work, how can you protect yourself from it, and how can you remove the virus if you've been a victim?

We give you all the solutions to ransomware, with a selection of software and sound advice on how to be cyber-resilient in the face of ransomware.

Know your enemy: how ransomware works

How does ransomware spread? The first stage of a ransomware attack is to get into the victim's device (computer or mobile phone) by setting a trap.

The ransomware can do this in a number of ways:

  • downloading an attachment from an email (phishing) or a copy of a website,
  • visiting an infected site,
  • using a software update system, etc.

Once this first barrier has been overcome, it must then pass through a second barrier: an antivirus, if there is one, of course.

If it gets through, all it has to do is use one of 4 stratagems to block the user and force him to pay a ransom:

  1. File encryption: the malware blocks all access to your files and documents. This is the best-known procedure.

  2. Scareware: the hacker plays on the user's fear by sending a message telling them that their computer is infected, even though there is no proof of this.

  3. Screenlockers: the ransomware blocks the computer screen, making it unusable.

  4. Doxxing: the hacker steals your personal information and blackmails you by demanding a ransom. This type of attack is also known as doxware.

💡 Good to know: once a machine has been infected, other computers on the company network may also be blocked.

Infected by ransomware: what should you do?

5 things to do in the next few minutes

You see a screen asking you to pay a ransom. How should you react?

ANSSI - the French national agency for information systems security - recommends that you follow this advice:

  • Do not pay the ransom, as this would encourage hackers to keep attacking;
  • Don't switch off your computer; put it into hibernation (deep sleep) if you can;
  • To prevent the virus from spreading to all your devices, immediately unplug all your devices (computers, hard drives, etc.) and disconnect them from the network;
  • Contact your IT manager as a matter of urgency so that he can disinfect the affected computer using a bootable security CD, for example, and restore the data using the backup method described above;
  • File a complaint.

How do I remove the ransomware?

Here are several solutions for removing the nasty ransomware:

  1. Remove BtcKING with SpyHunter: the correction algorithm in the latest version of the SpyHunter 5 solution detects viruses, quarantines them and blocks malware before it can be launched.

  2. Download free anti-ransomware from Avast: although the basic version is free, it's best to upgrade to a paid version if you want effective anti-ransomware.

  3. Free anti-ransomware for Mac from Malwarebytes: more and more businesses are equipped with Mac computers, so you need to protect them with anti-ransomware.

  4. Use Windows Safe Mode: removing the virus using Windows Safe Mode is a removal technique that is only suitable for expert users and is only effective for removing certain types of malware.

6 software solutions to protect your business from ransomware

There's nothing like professional software to protect you from ransomware, rather than trying a solution that's more akin to haphazard DIY than real protection against ransomware and all existing threats. Let us demonstrate.

Altospam: the champion of all-round protection

Altospam is a formidable SaaS software package for effectively combating all types of attack and spam. The solution protects corporate email addresses by combining 16 anti-spam, 6 anti-virus and 4 anti-ransomware technologies.

Altospam also protects the company's servers: Altospam's servers act as intermediaries to block all attacks and only let legitimate emails through.

This combined anti-spam, anti-virus and anti-phishing solution filters emails, blocking harmful attachments such as those containing ransomware.

Your servers are also protected from DDoS attacks (denial of service) or hackers wanting to use one of your servers as a pirate relay to send mass emails and encrypt other companies' data.

BeBackup: an innovative, secure backup solution

BeBackup meets the needs of corporate IT departments.

In terms of security, the data is encrypted at source by the backup agent using an encryption key. What's more, BeBackup uses an innovative DeltaBloc versioning system that allows you to keep a history of changes from 30 days to 5 years, depending on your needs. This feature reduces backup times and storage space consumption by up to 80%, while guaranteeing maximum ransomware-proof security.

You also have the choice of hosting your data: on 3 or 4 BeBackup servers located in France, or on another type of hosting, such as your own servers.

Finally, BeBackup's technical experts will support you in the day-to-day deployment of your projects, to guarantee the integrity of your data, all at a competitive price.

MailInBlack: anti-virus and anti-spam solution

MailInBlack checks the identity of the sender before delivering an email or blocking it.
If the sender is unknown, a verification email is sent to him so that he can authenticate himself as being a real human and not a dangerous robot.

This precaution is based on the principle of authentication: only senders who have shown their credentials are included on the white list. All others are blacklisted.

MailInBlack offers simultaneous protection on several levels: the solution filters email addresses, scans each message to detect and block viruses such as ransomware, applies a strict RBL anti-spam filter, and also protects mail servers in the same way as Altospam.

In addition, each user can manually manage pending emails in their personal space: they can ban an email address by blacklisting it, authorise a specific sender, etc.

Nuabee: setting up a disaster recovery plan to withstand cyber-attacks

In an environment increasingly marked by ransomware attacks, it is more important than ever to organise your cyber resilience by implementing preventive measures and strengthening your ability to bounce back in the event of a disaster. This is exactly what UCover by Nuabee can do.

UCover by Nuabee is 100% managed by specialist teams who monitor backups and perform DRP tests without you having to worry about it. What's more, UCover uses the full synthetic backup method, encrypts data and stores it in highly certified French data centres.

In the event of a cyber-attack, by modelling your infrastructure as a database and creating a technological breakthrough, your disaster recovery plan will not be encrypted by the attack, and your servers will be automatically restarted within a few hours, allowing you to continue your business.

Specops Password Policy: strengthen your password policy in AD

Specops Password Policy is software designed to strengthen the password policy of companies operating in an Active Directory environment.

It enables you to take a preventive stance against ransomware attacks, by supporting compliance with ANSSI recommendations. Indeed, strong passwords become solid bulwarks against hacker intrusions.

More specifically, Specops Password Policy enables you to deploy your password policy simply, in particular at a fine-grained level so that you can adapt the rules according to user profiles. You can also target any GPO level (group, user, computer).

But above all, this tool goes further than what is offered natively by AD. For example, it can block the use of expressions contained in a dictionary or in a list of leaked passwords. It is also possible to configure password expiry according to length.

At the same time, IT Departments can take advantage of features to better administer the policy deployed and monitor the use of passwords and their robustness.

Vade Secure: artificial intelligence protects your emails

The purpose of this email analysis software - IT security - is clearly stated: to block all spam, viruses and malware such as ransomware, as well as phishing and spear phishing attacks (attacks targeted at a specific person or company).

Vade Secure analyses each incoming e-mail: the sender's address, the content, but also the context thanks to integrated artificial intelligence, to separate malicious e-mails from legitimate messages.

The solution is equipped with bulletproof antivirus and antispam protection: attack messages containing viruses or ransomware are blocked, as is spam.

Artificial intelligence applies predictive rules and analyses billions of pieces of data every day to improve its ability to deal with new threats in the best possible defensive conditions.

The right reflexes to protect against ransomware

The best protection against ransomware starts with raising your employees' awareness.

Beware of unknown senders

Is this the first time an email address has sent you a message? Check the address: if it's a business address that you can easily find in a directory or on the company's professional website, that's a good sign, but if it's not, beware!

Pay attention to the quality of the message

Even if the email address is professional, certain signs can alert you to the possibility of email piracy, such as spelling mistakes or a message asking for money or for personal data such as a login or password.

Don't open unchecked attachments

This is the preferred method of attack for ransomware! At the very least, check that your antivirus software is active and up-to-date. If your computer shows any unusual signs, such as slowing down, ask for it to be fully scanned.

Think before you click on a link on a web page

Move your mouse cursor over the clickable link or the banner without clicking and observe the URL address that appears: it must correspond to the official site of the brand or company name used in the text.

💡 Good to know: an entity such as your bank or an administrative department will never ask you for your identifiers and passwords, nor for money on a web page accessible to the public, nor by email.

Back up your data every day

It is advisable to outsource a backup of your data. In the event of a frontal attack on your servers, you will be able to recover your backed-up data on an external server and resume business using unaltered versions of your backed-up files.

Update your software regularly

As we saw above, hackers take advantage of security loopholes. Your office tools and all your software should be updated regularly to benefit from the latest security patches.

Configure your email

Block the automatic execution of ActiveX, plug-ins and downloads by default, and prevent messages from being automatically previewed. Even more secure: use one of the anti-ransomware programs listed above. These programs use dedicated servers to block messages containing viruses and only forward legitimate messages to you.

Article translated from French