According to calculations by G DATA CyberDefense, a new ransomware sample threatens IT security in Germany every two minutes. The security of private PCs and company networks can be significantly improved with the help of four simple tips.
On the occasion of Computer Security Day on 30 November, G DATA CyberDefense points out the great risk from cyber-attacks. From the beginning of the year to mid-October, the IT security specialists from Bochum have identified more than 221,000 samples of the most significant ransomware families. The following figure illustrates how great the danger is: cybercriminals launch a new wave of attacks with modified malware every two minutes. According to a recent study by industry association Bitkom, the German economy alone has suffered a loss of over 100 billion euros. IT security can be significantly improved with just four simple tips.
Anyone who regularly backs up all client data on network drives, external hard disks, or in the cloud is ahead of the game. Backups are the last, and often the only, resort if ransomware has encrypted the data in the network. Warning: The connection to the storage medium or network drive should be terminated after each backup - otherwise there is the threat of an infection with ransomware encrypting all the backups as well!
Software such as the operating system, browser, and plug-ins should always be kept up to date. Exploiting security holes in programs is one of the most popular methods used by cybercriminals. Central patch management helps you to keep the software on all your clients up to date and to offer malware as little attack surface as possible.
Virus scanners and behavioural monitoring detect known malware before it does any damage. Malware can often be identified by universal code sequences that are typical for compression, encryption, download routines, backdoor activities, camouflage mechanisms, and the like. Heuristic and generic signatures detect such universal command sequences even in previously unknown malware families.
People who are aware of the dangers to IT and their devices act with greater caution. Awareness training is recommended for companies in order to increase awareness. With this, employees receive important tips on how to deal with current data protection guidelines such as the GDPR, or clues on the distinguishing features of phishing emails, or social engineering attacks.