Defend Against Ransomware

What is it?

Ransomware, or scareware, is a type of malware that restricts access
to information and asks for a payment (ransom) to restore it.
The restriction may take the form of encrypting the data, modifying the data,
hiding the data, showing a sticky message, etc.



A well-known ransomware trojan is CryptoLocker (or CPT), which started in late 2013.
It encrypts certain types of files stored on local and mounted network drives
using RSA public-key cryptography, with the private key stored only on
the malware’s control servers.
The malware then displays a message offering to decrypt the data if a payment
(through either Bitcoin or a pre-paid cash voucher) is made by a stated deadline,
and threatens to delete the private key if the deadline passes.
If the deadline is not met, the malware offers to decrypt the data via an online service
provided by the malware’s operators, for a significantly higher price in Bitcoin.

CryptoLocker warning window



Depending on the type of ransomware, recovery after infection may not be
possible and the data could be lost forever.
So, we emphasize defending against infection and recommend some

Ransomware is malware, so the first piece of advice is to install AV software. We
recommend trying GData, as it has proven able to detect ransomware trojans,
including CryptoLocker.

Keep the system (Windows Updates) and applications always up to date.
It’s a good idea to have a patch management system. GData also provides it as a feature with the AV solution, so no need for extra

Periodic Backup
Schedule a periodic backup for important data at least every day or every time
you modify the data.

External Storage
Save important information and backups on external storage that you use only
for keeping a copy of the data. Also, it’s very important to connect the
storage only to clean computers.

Cloud Storage
Also, having an online copy of important data is a good idea.
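
The backup advice above can be checked automatically. The following is an added example, not part of the original article: it flags a backup older than one day and refuses to overwrite the good copy when a large share of files was modified or went missing at once, which is how the encryption, modification and hiding described earlier would look to a backup job. The function names, the 50% threshold and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

MAX_AGE_HOURS = 24        # the article's rule: back up at least every day
CHANGE_THRESHOLD = 0.5    # assumed cut-off: half the files altered at once


def build_manifest(root):
    """Map each file's relative path to the SHA-256 of its contents."""
    root = Path(root)
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def backup_is_stale(last_backup_ts, now=None, max_age_hours=MAX_AGE_HOURS):
    """True when the newest backup is older than the allowed age."""
    now = time.time() if now is None else now
    return (now - last_backup_ts) > max_age_hours * 3600


def changed_fraction(previous, current):
    """Share of previously backed-up files now modified or missing."""
    if not previous:
        return 0.0
    altered = sum(1 for p, h in previous.items() if current.get(p) != h)
    return altered / len(previous)


def safe_to_overwrite(previous, current, threshold=CHANGE_THRESHOLD):
    """Refuse to replace the good copy when too much changed at once."""
    return changed_fraction(previous, current) < threshold


def demo():
    """Constructed sample: four documents, three of them then rewritten."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(4):
            Path(root, f"doc{i}.txt").write_text(f"report {i}")
        before = build_manifest(root)
        for i in range(3):  # stand-in for files altered in bulk
            Path(root, f"doc{i}.txt").write_bytes(os.urandom(32))
        after = build_manifest(root)
    return changed_fraction(before, after), safe_to_overwrite(before, after)
```

When the check fails, keep the previous backup untouched and write the new one as a separate copy until the computer is confirmed clean.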

Be aware of scams, phishing sites and spam with attachments, and always try not to open
unknown links.
You can contact Security Triggers regarding security awareness training.


You can always contact us to defend against ransomware and other attacks

Why You Should Implement ISMS ISO 27001


Security demands three pillars: human, technology and process. None of these pillars can protect your sensitive information alone. Nor can any combination of two of them protect your information 100%. To be secure, you should establish all three pillars in your company together. Security vendors won’t tell you this truth.

Building an Information Security Management System (ISMS) will establish the three pillars of security in your company. An ISMS includes policies, processes, procedures, organizational structures, and software and hardware functions.


It’s all about Risk

Start from the very first question: why do we need to be secure? Because we have valuable assets, and there are risks that threaten those assets. Risks include fraud, espionage, stealing information, hacking systems, fire, flood, and the list goes on…

An ISMS is built using a risk-based strategy in which every step is taken based on risk. For example, setting up an antivirus system acts as a countermeasure against the risk of viruses in the network. Likewise, setting up a fingerprint access control system on the data center helps prevent unauthorized persons from gaining access. As another example, one not related to technology, a company may need to set a mandatory yearly leave for each employee just to counter fraud by internal employees: when the job is rotated to another employee, any potential fraud may be identified.

Many security professionals categorize the countermeasures in an ISMS into three categories:

– Preventive: Those that prevent a threat from exploiting any weakness in the system. Examples include access cards, antivirus, firewalls and security policy.

– Detective: Those that detect breaches in the system. Examples include intrusion detection systems, fire sensors and mandatory leave.

– Corrective: Those that correct and suppress the impact of a breach. Examples include a disaster recovery plan, a fire suppression system and a backup and recovery process.

How to?

Building an effective ISMS is not an easy process at all, and no one can claim that studying all the controls is enough to build one.

Building an ISMS involves a tradeoff among security, ease of use, and cost. You may not have enough budget and have to decide between setting up a firewall or an IDS. Also, you may not have enough employees to set segregation of duties policies. Thus, it’s better to employ ISO 27001.

ISO/IEC 27001 (ISO 27001) is the international standard that describes best practice for an Information Security Management System (ISMS). ISO 27001 can be followed by any kind of organization of any size. It was written by the world’s best experts in the field of information security to provide a methodology for implementing an ISMS in the organization.

Accredited certification to ISO 27001 demonstrates that an organization is following international information security best practices.

Need help?

Our team of certified consultants is happy to help and answer your inquiries about building your own ISMS. We are also happy to assess your existing ISMS against the ISO 27001 standard, which will help you ensure you are on the right track to gain or keep the certification.