Damages by virus infections are reported on an almost daily basis worldwide. In July 2023, a server in the Nagoya port was infected by virus causing the system malfunction for several days. In the past, there were some cases where Japan head quarters were infected by viruses via overseas offices. Let me talk about the taking steps of “Ransomware” which company data on the server is suddenly disappeared in the morning.
Necessary measures to prevent ransomware infection
Ransomware is the integrated words of “Ransom” and “Software” which is a kind of computer software called “malware” maliciously affects computer.
The method is that Ransomware demands a large amount of money to recover the files and to cancel the spread and resell of encrypted files in a server.
How do we prevent those damages marginally?
Normally, the steps, as shown below, are necessary.
1. Strengthen of security
It is necessary to deploy not only virus software but also firewall setting, file transfer steps etc.(exchanging of blueprint from Japan) depending on the actual situation for each enterprise.2. Effective backup data acquisition
You can not feel comfortable only taking a backup to the server and NAS (network connected data drive). As is often the case with both server and NAS which are encrypted. Effective backup method for the Ransomware is necessary.3. Education and Training
When infected rout was investigated, it was from attached mail and links on malicious website. It could be frequently found If you had a knowledge, you could have prevented the infection. Education and training for the cautious points are needed while using PC and system meticulously.4. Developing a plan of countermeasure incident.
The levels of damage would be different depending on the level of preparation when it was infected. When it is occurred, you should inform IT vender and terminate the network also shutdown the server and PC which is suspected on the infection. It is good practice to make a scenario for after infection including contact list for the head quarter in Japan to prevent the spread of infection.5. Using an IT expert from outside
It would be necessary that ask supports from IT company for staff training and virus infection support and prevention measures beforehand.Effective backup strategies considering data recovery
I would like to tell you the steps in (2.) shown above specifically at this time. Ransomware is going to encrypt viewable folders on the network connected PCs and servers that have been infected respectively.
In that, I have seen many cases where the files that were backed up in NAS and shared with Windows servers were also encrypted.
In case, both the server and the backup files in NAS are encrypted, data recovery won’t be possible. The data backup setting should be configured to be unseen in the directory of Windows OS.
★ MAT can provide security system proposals tailored to your current situation and offer support in Japanese, English, and Thai, covering maintenance as well.