A lot of time has passed since 1971, when Creeper, the first worm in computing history, was created. It ran on the ARPANET, on venerable PDP-10s!

The concepts are the same: malicious code infects a computer (via phishing or, in recent cases, by exploiting OS network stack vulnerabilities) and spreads across the whole network.

Ransomware is a "mutation" of worms with the side effect of silently encrypting all of your data using strong public/private key encryption. You are then forced either to pay the ransom to get the key that recovers your data (if and when the cybercriminals provide it to you) or to reinstall from scratch, losing all your work.

CryptoLocker, WinLock, WannaCry and its recent variations (without the kill switch) are real-world examples that caused (and are still causing) a hefty amount of damage. As usual, prevention is the only sensible approach. You should:
- make daily backups of all your systems
- block unwanted connections (or better, allow only what is really needed)
- install latest system patches

But if you have a case "zero" inside your network, the best thing you can do is find out which systems it was talking to in the last hours, so you can track and limit the spread of the problem.

Fl0wer gives you a very powerful instrument to solve this issue: IP Relationships. Using IP relationships, you can find out who talked to whom about what in a matter of seconds, and act immediately to stop the malware from spreading.
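The idea of tracing a case "zero" through flow data can be sketched as follows. This is an added example, not Fl0wer's code or API: the flow record layout, the addresses and the function names are assumptions made for illustration, and the sample flows are constructed.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed sample flows: (start time, source IP, destination IP, destination port).
FLOWS = [
    ("2024-01-10 02:00", "10.0.0.15", "10.0.0.70", 445),  # before the window
    ("2024-01-10 08:01", "10.0.0.15", "10.0.0.20", 445),
    ("2024-01-10 08:03", "10.0.0.31", "10.0.0.40", 445),  # .31 not yet exposed
    ("2024-01-10 08:05", "10.0.0.20", "10.0.0.31", 445),
    ("2024-01-10 08:10", "10.0.0.15", "10.0.0.50", 80),
    ("2024-01-10 08:20", "10.0.0.31", "10.0.0.60", 445),
    ("2024-01-10 08:30", "10.0.0.99", "10.0.0.15", 22),   # inbound to case zero
]

def parse(flows):
    """Return flows as (datetime, src, dst, port) tuples sorted by time."""
    return sorted((datetime.strptime(t, FMT), s, d, p) for t, s, d, p in flows)

def direct_peers(flows, host, since):
    """Every host that exchanged traffic with `host` at or after `since`."""
    peers = {}
    for t, src, dst, port in parse(flows):
        if t < since or host not in (src, dst):
            continue
        peer, direction = (dst, "out") if src == host else (src, "in")
        peers.setdefault(peer, set()).add((direction, port))
    return peers

def exposure_chain(flows, case_zero, since, ports=None):
    """Hosts reachable from case zero by flows that respect time order.

    A host only passes exposure on through flows it sent after it was
    first contacted itself. Returns {host: (first_contact_time, via)}.
    """
    exposed = {case_zero: (since, None)}
    for t, src, dst, port in parse(flows):  # processed in chronological order
        if t < since or (ports and port not in ports):
            continue
        if src in exposed and dst not in exposed:
            exposed[dst] = (t, src)
    return exposed

if __name__ == "__main__":
    since = datetime(2024, 1, 10, 8, 0)
    chain = exposure_chain(FLOWS, "10.0.0.15", since, ports={445})
    for host, (t, via) in chain.items():
        print(host, t.strftime(FMT), "via", via)
```

Hosts in the resulting chain are the candidates to isolate and inspect first; `direct_peers` also lists inbound contacts, which helps when looking for where case "zero" was itself reached from.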

Which is the more expensive alternative? Having people (employees, consultants and customers) who cannot work with or for you because you were caught by surprise and lost all of your data, or investing in some prevention to avoid such situations?

Think smarter