Is your critical business data protected from Ransomware?
This is a list of 7 things you can do to help save your ass from Ransomware!
In the last few years we have been hammered by an insidious virus type known as Ransomware or Cryptovirus. Many viruses in the past were fairly simple to stop and remove without too much hassle, but with the onset of this new virus type the game has changed.
This virus encrypts (digitally scrambles and locks) your precious business information and then presents you with an option to pay a ransom to the virus developer (mainly cyber gangs) to unlock the computer so you can re-access your information.
How much does Ransomware cost?
When your server is out of commission and things are looking dreadful, people will often lean towards paying the ransom to quickly get their data back. Payments are typically between $500-3,000 USD; however, much larger ransoms have been demanded. Payments are made via Bitcoin (an electronic currency), which once sent are virtually untraceable. Payment doesn’t guarantee you will get your data back. After all, you are trusting the person who already compromised your network; can you trust them to give up the keys after payment?
As a general rule you should not pay the ransom. It will only encourage this type of virus to flourish as gangs know they will get paid. It should only be an absolutely last resort when no other options are available.
7 Tips – How to protect your business from Ransomware
1 – Antivirus and End-Point Protection
Using a premium antivirus application is at the core of protecting yourself from Ransomware, but also a host of other viruses and malware.
I’m always shocked when I see how many people rely on freemium antivirus programs to protect their businesses. While I appreciate the frugal nature of business ownership, we are so reliant on technology that you just do not want to risk one of the most basic methods of protecting your computers and servers.
We strongly recommend that you use a quality antivirus system, and a centrally monitored antivirus solution is even better. We recommend this because it gives you a single pane of glass view of your business and any virus activity that has been detected. Our antivirus monitoring system automatically notifies our datacentre technicians so they can start to rectify the problem within moments of the virus or malware detection, or at least allows us to immediately isolate a certain device from the network to quickly stop the spread of any active infection.
2 – Anti-Spam Filters and E-Mail Server Content Filters
The “vast majority” of ransomware, virus and phishing (attempts to get private information through fake websites/e-mails) attacks now come over e-mail.
Stopping viruses and spam before they ever reach your business is an ideal solution and can be accomplished by implementing a “Spam Filtering” service, which typically will give you a lot of flexibility for scanning the e-mail and flagging dangerous or potentially dangerous attachments.
There are many file types that shouldn’t be relayed over e-mail in normal day to day business. Blocking files such as .exe .com .vbs .bat and a large array of other dangerous file extensions can help to dramatically increase the chance you will filter out the virus prior to it reaching your inbox. File extension blocking can be an extremely effective way of filtering your e-mail, and we recommend using it aggressively and being extremely limiting in what you allow to pass through to your e-mail server.
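The extension check described above, as an added example that is not part of the original article: it parses a raw e-mail, walks every part including forwarded messages, and flags attachments whose final extension is blocked. The function names, the sample message and the extensions beyond .exe .com .vbs .bat are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# .exe/.com/.vbs/.bat come from the article; the rest are assumed additions.
BLOCKED_EXTENSIONS = {".exe", ".com", ".vbs", ".bat", ".cmd", ".scr", ".js"}

def blocked_extension(filename):
    """Return the blocked final extension of an attachment name, or None."""
    # Windows drops trailing dots and spaces, so "update.bat. " runs as a .bat.
    name = filename.strip().rstrip(". ").lower()
    # Only the last extension decides how the file opens ("invoice.pdf.exe").
    _, dot, ext = name.rpartition(".")
    ext = dot + ext
    return ext if dot and ext in BLOCKED_EXTENSIONS else None

def blocked_attachments(raw_bytes):
    """List attachment names in a raw message that the policy would block."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    # walk() also descends into forwarded messages (message/rfc822 parts).
    for part in msg.walk():
        filename = part.get_filename()
        if filename and blocked_extension(filename):
            hits.append(filename)
    return hits

def build_sample():
    """Constructed test message: one disguised .exe, one PDF, one nested .vbs."""
    inner = EmailMessage()
    inner["Subject"] = "Fwd: scan"
    inner.set_content("forwarded")
    inner.add_attachment(b"x", maintype="application",
                         subtype="octet-stream", filename="run.vbs")
    outer = EmailMessage()
    outer["Subject"] = "Invoice"
    outer.set_content("Please see attached.")
    outer.add_attachment(b"x", maintype="application",
                         subtype="octet-stream", filename="Invoice.PDF.EXE")
    outer.add_attachment(b"x", maintype="application",
                         subtype="pdf", filename="report.pdf")
    outer.add_attachment(inner)
    return outer.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

An extension check like this does not look inside archives such as .zip files, so a filter has to handle those separately.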
3 – Limit access to Mapped Drives on Servers
A common way that Ransomware type viruses propagate inside your network, once they make their way in, is by means of mapped drives. By reducing staff access to mapped drives you are limiting the scope of a possible infection.
A good general rule is to always give the least amount of access to do the job. In the event that a low-level staff member gets infected, at least it reduces the attack scope.
4 – High Quality Backup Solutions
If you implement only one thing on this list, then please let it be this point.
“Backups will save your ass.” –Ken Dennis
Backups are absolutely crucial to your business and personal data. Statistically, if your business has a catastrophic loss of data you will likely close your doors inside of 6 months. Need some more scary stats?
Make sure your data gets backed up both on-site and off-site. While Viruses and Ransomware are a major risk, let us not forget the very real probability of fire, floods, theft and natural disaster.
If you have any question about the quality of your backup system, then you need to do an assessment and make sure it is going to do what you need.
Backups are more than just software; they are one component of your entire disaster recovery plan (DR plan).
- Redundant Hardware (RAID Drives, Hot spares)
- Redundant Server (On standby or available in event of hardware failure)
- On-site Backup (Quick Restoration — downloading backups from the Internet can be slow!)
- Off-site Backup (Fire, Flood, Theft, and Natural Disasters — you just never know)
- Testing the plan (Have you tested your systems for redundancy and fail-over?)
- Testing the backup (Have you done test restores or a “bare metal restore” (BMR) ?)
- Virtualization (Can your backup system virtualize your current data to get you up and running fast? Or what is your downtime tolerance?)
Backup systems need to have a plan. You need to know how they work and how they restore. If you had to rebuild your server, how fast can it be done? One great thing to do is look at the actual cost of downtime to you. Lost employee productivity and lost revenue add up fast, so make sure you assess your risk tolerance and put an appropriate system into place.
5 – Patching and Monitoring
Microsoft and other software vendors (Adobe/Java, Google, Firefox, Apple) are constantly churning out updates and security patches to address issues in their applications and platforms. Keeping up with them can be a daunting task on its own, but what about making sure your whole company and servers are all patched to their latest versions?
We recommend using a patch management system to ensure that your systems are proactively patched and that, when a system isn’t at the correct level, you are notified that it isn’t compliant so you can address those updates. Keeping your systems patched is crucial to ensuring that you aren’t caught off guard by mainstream viruses and automated exploits which troll the Internet 24/7 for the unprotected.
6 – Application and User Restrictions
Many software programs are inherently insecure. Sometimes it is due to sloppy programming, but more often than not it is by design. Programs need to be end-user friendly, and often that means making concessions on security to make the program more usable, faster, or easier to understand.
The same is true for the configuration of your computers and networks. Often it seems like a good idea to elevate the permissions of a user to make it easier for them to work. Fewer restrictions mean they can work unimpeded. But it also means that many of the safeguards that would be in place from a non-privileged account won’t be there to protect you.
For your day to day working accounts, give them the least amount of privilege necessary to do the work.
Evaluate all the programs you use and consider the implications of removing or reducing safeguards that are in place.
Areas of concern to watch for:
- Restrict applications from running in %AppData% and temp folders
- Disallow automatic running of macros (MS Office)
- Mapped Drives (Limited access once again)
- Unsecured RDP (Port 3389) or weak passwords that would facilitate malicious RDP use
- Make sure your firewall is working or your Antivirus Suite has one
- Make sure you have a password on your computer (no auto-login)
- Make sure it’s a GOOD password, weak passwords are almost as bad as no password
- Disable auto-run on devices / scripts
7 – User Education is Paramount
All of the above things will help to reduce your attack surface or protect you in the event of an active Ransomware infection, but at the end of the day teaching your staff to identify malicious looking content, e-mails and websites is going to be one of your best investments.
With all the best practices, firewalls, security and programs in place, still the biggest exploit is going to be your end-users and how they interact with what they see.
- Is this e-mail from someone I know and in the normal writing style?
- Is this e-mail out of character for the person who sent it?
- I’ve never worked with this person, why is there an invoice attached to this e-mail?
- Why are there spelling errors and terrible grammar?
- Does the website address look strange?
- Does the website look different than usual?
- Am I being prompted to enter personal information or login details?
- Do I have to enter a username/password after someone e-mailed me a PDF or attachment?
These are just a few of the hallmarks of fake/spam/phishing/virus e-mails, and if your users can learn to question and identify them, they will be one of the many levels of defense to protect your business and its critical information.