Ransomware



The criminals' modus operandi

Ransomware is currently mainly distributed via emails.
These emails have fake senders and contain file attachments through which the ransomware is smuggled in. They are usually disguised as a delivery bill or invoice, or promise "interesting" content. When you open these attachments, you are usually redirected to a web server, from which the ransomware is then installed.

When you later try to access your data, a password is usually required to regain access.
Bitcoin is often demanded as the means of payment because it disguises the payment flow.

Ransomware: data for ransom

Ransomware refers to targeted "blackmail Trojans" that claim to have encrypted all the victim's data or blocked access to the data.

The victims are offered the chance to buy back their data for a fee! Our tip: Do NOT do this!!! Don't fall for it and come to us. The reasons are simple: Firstly, the demands are never in proportion to what the data is worth. Secondly, you can read our tips below on what you can do in advance and what options we have to recover your data!

Briefly explained!

Measures in advance:

  • Sensitize ALL employees to be careful when dealing with unknown or unsolicited emails. As ransomware can also access connected network drives, it only takes one careless employee to infect the entire company network. If in doubt, you should contact the sender via an alternative communication channel (e.g. by telephone, but never reply to the email directly).
  • Make sure that the latest versions and patches are always installed on your IT systems.
  • Update your firewall and anti-virus software on an ongoing basis and use all modules of these systems.
  • Minimize the risk of infection by assigning specific user rights. Each user should only have the rights that they actually need for their work.
  • There are a number of technical options for preventing the independent execution of programs on your systems. Use these options in accordance with your operational requirements. If you do not want to do this yourself, consult an expert in advance.
  • Create regular data backups that are stored on external data carriers and are not accessible via the Internet. It is advisable to back up in several versions (e.g. daily, weekly, monthly, annually), as some ransomware versions only become active after a delay of a few days or weeks.
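
The multi-version backup advice above, as an added example that is not part of the original page: Python code that selects which daily backups to keep under daily/weekly/monthly/yearly tiers and finds the newest retained backup that predates a delayed infection. The retention counts, function names and dates are assumptions constructed for illustration.

```python
from datetime import date, timedelta

# Assumed retention counts per tier (illustrative values, not from the page).
RETENTION = {"daily": 7, "weekly": 4, "monthly": 12, "yearly": 3}

def _period(d, tier):
    """Key identifying the period a backup date falls into for a tier."""
    if tier == "daily":
        return d.toordinal()
    if tier == "weekly":
        return tuple(d.isocalendar())[:2]   # (ISO year, ISO week)
    if tier == "monthly":
        return (d.year, d.month)
    return d.year                            # yearly

def backups_to_keep(backup_dates, retention=RETENTION):
    """Keep the newest backup of each of the last N periods, per tier."""
    keep = set()
    newest_first = sorted(set(backup_dates), reverse=True)
    for tier, count in retention.items():
        seen = set()
        for d in newest_first:
            key = _period(d, tier)
            if key in seen:
                continue                     # period already has a newer backup
            if len(seen) == count:
                break                        # tier quota reached
            seen.add(key)
            keep.add(d)
    return keep

def last_clean_backup(kept, dormant_since):
    """Newest retained backup taken strictly before the malware arrived."""
    clean = [d for d in kept if d < dormant_since]
    return max(clean) if clean else None

# Constructed sample: one backup per day for 400 days, ending 2024-06-30.
SAMPLE_DATES = [date(2024, 6, 30) - timedelta(days=n) for n in range(400)]
# Constructed scenario: malware arrived 2024-06-10 and stayed dormant ~3 weeks.
DORMANT_SINCE = date(2024, 6, 10)

if __name__ == "__main__":
    daily_only = backups_to_keep(SAMPLE_DATES, {"daily": 7})
    tiered = backups_to_keep(SAMPLE_DATES)
    print("daily-only restore point:", last_clean_backup(daily_only, DORMANT_SINCE))
    print("tiered restore point:    ", last_clean_backup(tiered, DORMANT_SINCE))
    print("backups retained (tiered):", len(tiered))
```

With only seven daily versions every retained backup postdates the infection, while the tiered set still holds a copy from the day before it arrived.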

Measures in the event of an incident:

  • Even if it is unpleasant: React immediately to information about "strange" access problems in your company and disconnect the affected computers from the network, if necessary by disconnecting the network cable and deactivating the WLAN adapter.
  • Companies that have fallen victim to ransomware or other cyber attacks can obtain round-the-clock initial assistance from the cybersecurity hotline at 0800 888 133.
  • The next step is to contact us immediately!
  • We can determine which connected systems have already been infected and need to be taken offline.
  • Start reinstalling the affected systems only after the damage analysis has been fully completed.
  • In some cases, it is possible to restore the data after cleaning up and reinstalling your systems. However, it is safer to fall back on an existing - uninfected - data backup.
  • File a complaint with the police.

Our tips for the correct procedure!

1.) Do not pay the criminals under any circumstances!

2.) Get in touch with the cybersecurity hotline!

3.) Be sure to report the incident to the nearest police station.

4.) Please contact us immediately. We will analyze your initial situation and try to restore your data together with our partner!

How high is the damage potential?

Unfortunately, this attack method has a very high damage potential.

In addition to the direct costs of data recovery, it is unfortunately also not possible to guarantee that your data will be clean afterwards!
In other words, there is no guarantee that your data will not be encrypted again!
Furthermore, you cannot be sure whether the attacker is also interested in your customer, supplier, warehouse or financial data.

How can I protect myself?

In principle, the following applies:
You are never completely safe from an attack by viruses or Trojans.