Preventing Malware and Ransomware Attacks
Malware is software or firmware intended to perform an unauthorized process that will negatively impact the confidentiality, integrity or availability of a system. This includes viruses, worms, Trojan horses, spyware, and some forms of adware.
Viruses spread through malicious email attachments, corrupted downloads or via software vulnerabilities. They can steal confidential data, destroy files or take over your computer system entirely. A notorious example is the ILOVEYOU virus, which replicated itself on computers and caused widespread disruption to entire company networks.
Spyware spies on you without your knowledge, tracking browsing habits, login credentials or financial information to steal identities and sell to third parties. It can also change your security settings or install other malware on your device.
Ransomware encrypts files or the operating systems on infected devices and demands payment in a digital currency like Bitcoin. It’s often the result of unsecured network protocols, unprotected server infrastructure or unsafe coding practices and it can cause significant business disruption.
Identifying and containment are key in limiting the scope of a malware attack. Thorough investigation using forensic tools and threat intelligence can help you understand the type of malware, its entry point and the extent of the compromise. Then you can use specialized malware removal processes and restore from trusted backups to remove any evidence of an attack. You can also notify stakeholders, following the notification guidance in your incident response plan. Finally, you can apply lessons learned to prevent future attacks by adjusting your risk appetite and implementing improved controls.