What is ransomware?
Ransomware is a kind of cyber-attack that involves hackers taking control of a computer system and blocking access to it until a ransom is paid. For cyber criminals to gain access to the system they need to download a type of malicious software onto a device within the network. This is often done by getting a victim to click on a link or download it by mistake.
Once the software is on a victim's computer the hackers can launch an attack that locks all files it can find within a network. This tends to be a gradual process with files being encrypted one after another.
Large companies with sophisticated security systems are able to spot this occurring and can isolate documents to minimize damage. Individuals might not be so lucky and could end up losing access to all of their information.
Cyber criminals often demand payment in return for unlocking the files. This is normally in the form of bitcoin, the online cryptocurrency.
- Install Windows Update
- Disable SMB 1.0
- Tighten security using AV policy ( if your using Enterprises AV security , contact vendor and have set of new policy to prevent ransomware )
- Make sure that you don't open unknowns mails and click on links.
- Install latest windows update
- Disable SMB 1.0 on all servers and workstations
sc.exe config mrxsmb10 start= disabled