This scenario is unfolding right now somewhere in the world. Maybe even in your city or neighborhood. In this very moment, someone is clicking a link in a spam email or activating macros in a malicious document.
In a few seconds, all their data will be encrypted and they’ll have just a few days to pay hundreds of dollars to get it back. Unless they have a backup, which most people don’t.
Ransomware creators and other cyber criminals involved in the malware economy are remorseless. They’ve automated their attacks to the point of targeting anyone and everyone.
Ransomware, malicious software that sneaks onto your computer, encrypts your data so you can’t access it and demands payment for unlocking the information, has become an emerging cyber threat. Several reports in the past few years document the diversity of ransomware attacks and their increasingly sophisticated methods. Recently, high-profile ransomware attacks on large enterprises such as hospitals and police departments have demonstrated that large organizations of all types are at risk of significant real-world consequences if they don’t protect themselves properly against this type of cyber threat.
Unfortunately, the use of advanced cryptosystems in modern ransomware families has made recovering victims’ files almost impossible without paying the ransom. However, it is easier to defend against ransomware than to fight off other types of cyber threats, such as hackers gaining unauthorized entry to company data and stealing secret information.
Let’s have a quick look at how we can prevent ransomware and the techniques we can use to mitigate the risk.
- Smart UTM Device (Firewalls): Have a UTM (Unified Threat Management) device installed at the point where the internet enters your network. This device is more commonly known as a firewall. Not all firewalls are UTM enabled; by UTM we mean the device has the capability to block or allow traffic based on certain parameters. For example, you may want to block social media networking sites: does your firewall allow you to do that? Similarly, it should be able to block malware sites and sites in categories suspected of spreading mischief through the internet. Does your firewall give you a breakdown of how much internet traffic has passed (incoming and outgoing) through each of the PCs, servers and devices on your network? This will help in identifying whether a particular PC is infected so that you can take corrective action. There are numerous inexpensive devices available in the market today; the key here is knowing how to exploit the functionality of the device, not merely installing it. Installing a firewall without proper configuration will do no good.
- Software Updates: Is the operating system you use, Windows 7, Windows 10 or otherwise, up to date? Is your antivirus up to date? Please ensure you run regular Windows updates and antivirus updates, as these updates fix vulnerabilities exploited by malware, ransomware and other kinds of viruses. Educate the users and make them accountable for running Windows Update. Often the user claims not to be aware of the updates at all. But it is worth educating the user, and a little bit of hand holding can save the day for everyone.
- BACKUP, BACKUP AND BACKUP: Always have multiple backups of all your critical data, mainly your emails and the files stored on a server or a PC/laptop. There are many systems available which will give you a 30 day retention at minimum; more importantly, you should be aware of what is backed up and what is not backed up. Time to recover
- Block Unwanted Access: Always block users from having unnecessary access to files, systems and internet traffic they do not need. This will help reduce the impact if a PC is infected: it would only infect the area of work the user has access to, not every place on your network.
- EMAIL – The easy and most effective win: Is your email system smart enough to block malicious emails in the first place? Many email systems like Microsoft Exchange, Office365, G-Suite (Google Apps) and Lotus Notes have advanced to very advanced email filtering techniques. You could employ them to block unwanted attachments and to require approval from the IT admin or a manager for files received by email before they are delivered to the user’s mailbox, reducing the possibility of getting attacked via email altogether. So no more link clicking when the email never reached your inbox.
- IT Policy: Do you have a properly documented IT policy describing what your network is like, how your backups work, what files are backed up, how often they are backed up, what email system your mail is using (Exchange, Office365, G-Suite (Google Apps), Lotus Notes) and how much time it will take to rebuild the server in the event of a hardware or software crash? Are the backups tested at all? Backups are bound to fail if they are not tested. It should also contain a small list of dos and don’ts the users should be aware of in case they notice any suspicious activity on their PC: simply removing the network cable or shutting down the system using the power button can save the network from being infected.
- Educate the user: Hold monthly newsletters or 15 minute sessions to discuss new trends, threats, etc. with users. Educating the users is the best form of defense.
- Knowledgeable IT Resource: Do you employ a full time IT Admin, or is your IT admin just a power user? Gone are the days when a power user would be considered an IT Admin. Managing computers and information has become a full time exercise rather than a side job; moreover, we are more dependent than ever on the information which flows. Did you consider hiring a Managed IT Service Provider (MSP)? Whichever way you choose, an in-house IT Admin or an MSP, it is about the attitude to take initiatives and keep your IT infrastructure in good health. You may have the most expensive and best technology, but if you don’t employ industry best practices, you are bound to burn your fingers.
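As an added example (not from the original post) of the per-device traffic breakdown the firewall section above asks for: the script below totals incoming and outgoing bytes per internal PC from a constructed firewall export and flags any host sending far more than its peers. The log format and field names are assumptions; real UTM exports differ per vendor.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample export in a simple key=value format. The field names are an
# assumption for this example; real firewall/UTM exports differ per vendor.
SAMPLE_LOG = """\
2024-05-01T09:00:01 src=192.168.1.20 dst=203.0.113.5 bytes_in=52000 bytes_out=3100
2024-05-01T09:00:04 src=192.168.1.21 dst=203.0.113.9 bytes_in=48000 bytes_out=2800
2024-05-01T09:00:07 src=192.168.1.22 dst=198.51.100.7 bytes_in=2100 bytes_out=910000
2024-05-01T09:00:09 src=192.168.1.20 dst=203.0.113.5 bytes_in=61000 bytes_out=2900
2024-05-01T09:00:12 src=192.168.1.22 dst=198.51.100.7 bytes_in=1800 bytes_out=880000
2024-05-01T09:00:15 src=192.168.1.23 dst=203.0.113.12 bytes_in=30000 bytes_out=2500
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"src=(?P<src>\S+) dst=\S+ bytes_in=(?P<bin>\d+) bytes_out=(?P<bout>\d+)"
)


def per_host_traffic(log_text):
    """Sum incoming and outgoing bytes per internal source address."""
    totals = defaultdict(lambda: {"bytes_in": 0, "bytes_out": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that do not match the expected format
        host = totals[m.group("src")]
        host["bytes_in"] += int(m.group("bin"))
        host["bytes_out"] += int(m.group("bout"))
    return dict(totals)


def suspicious_hosts(totals, ratio=20):
    """Hosts whose outbound volume is more than `ratio` times the median.
    A PC that suddenly sends far more than its peers is a candidate for the
    closer look (and possible isolation from the network) the article recommends."""
    if not totals:
        return []
    med = median(h["bytes_out"] for h in totals.values())
    threshold = ratio * max(med, 1)  # guard against an all-zero median
    return sorted(ip for ip, h in totals.items() if h["bytes_out"] > threshold)


if __name__ == "__main__":
    totals = per_host_traffic(SAMPLE_LOG)
    for ip, h in sorted(totals.items()):
        print(f"{ip:15} in={h['bytes_in']:>8} out={h['bytes_out']:>8}")
    print("investigate:", suspicious_hosts(totals))
```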
I have touched upon some of the common fixes which are applicable to businesses of all sizes.
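As an added example (not part of the original post) of the attachment policy described in the EMAIL section above: a small triage function that blocks executable attachments outright, holds macro-enabled documents and archives for IT admin approval, and delivers the rest. The extension lists and the sample message are assumptions to adapt to your own policy.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extension lists are an assumption for this example; adapt them to your own policy.
BLOCK_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".jar"}
HOLD_EXT = {".docm", ".xlsm", ".pptm", ".zip", ".7z", ".rar", ".iso"}


def attachment_verdict(filename):
    """'block', 'hold' (await admin approval) or 'deliver' for one attachment.
    Only the final extension counts, so 'invoice.pdf.exe' is still blocked."""
    if not filename:
        return "hold"  # nameless attachment: let an admin look at it
    ext = PurePosixPath(filename.lower()).suffix
    if ext in BLOCK_EXT:
        return "block"
    if ext in HOLD_EXT:
        return "hold"
    return "deliver"


def triage_message(raw_bytes):
    """Return (overall verdict, [(filename, verdict), ...]) for one raw message.
    The strictest attachment verdict decides what happens to the whole message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    results = [(p.get_filename(), attachment_verdict(p.get_filename()))
               for p in msg.iter_attachments()]
    rank = {"deliver": 0, "hold": 1, "block": 2}
    overall = max((v for _, v in results), key=rank.get, default="deliver")
    return overall, results


def build_sample():
    """Constructed message: a harmless PDF plus a macro-enabled Word document."""
    m = EmailMessage()
    m["From"] = "billing@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = "Invoice attached"
    m.set_content("Please see the attached invoice.")
    m.add_attachment(b"%PDF-1.4 sample", maintype="application",
                     subtype="pdf", filename="invoice.pdf")
    m.add_attachment(b"PK\x03\x04 sample", maintype="application",
                     subtype="vnd.ms-word.document.macroEnabled.12",
                     filename="invoice.docm")
    return bytes(m)


if __name__ == "__main__":
    print(triage_message(build_sample()))
```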