Wreaking havoc on shared network drives and departmental files. I give you:
Ransomware, CryptoLocker, CryptoWall, TorrentLocker. These are all terms for the latest threat to your IT systems.
Yes, your IT systems.
Before I get into the nitty-gritty – IT security is a bit like buildings insurance. There’s rarely a need or desire to think through the unthinkable scenarios, such as your house burning down, but there is a chance it will happen.
The same used to be true for IT security – it was fairly low risk. But that has all changed.
Why is this? Because ransomware is spreading and damaging many businesses. You only ever hear about the large security breaches on the news, but ask 10 of your business associates and I can pretty much bet one of them has been hit by this threat.
To be brief, what does the virus actually do? It usually infects a PC in the form of a malicious email attachment. The attachment looks just like a normal PDF and could be disguised as an invoice or purchase order.
Once it has been opened, the virus will encrypt all Word, Excel and PDF documents and pictures on the PC it infects, rendering the files useless. Then it will search for network drives and go after files stored centrally on any servers you may have, wreaking havoc on shared network drives and departmental files.
Finally, it will display a message on the infected system stating that if you pay a “ransom” you can have access back to your files. The truth is – if you pay you are not guaranteed anything and may end up in a worse situation, as the software will capture credit card details.
Prevention is better than cure. 5 key steps for any business to reduce the risk of Ransomware
1 Raise awareness among staff.
Make staff aware of the threat from files and links in emails. They might even appear to come from a trusted source. If you are not expecting an attachment then beware.
Common sense is key – if you don’t know the person sending the attachment or link then don’t click it. Raise awareness among staff using internal company communications.
If you are unsure, then ask your IT provider to inspect the link or attachment. They have tools like Sandboxie that can run the attachment/link in a sandbox environment to check if it’s legitimate or not.
2 Server-side protection, GPOs.
GPO stands for group policy object – your internal IT department or provider should be deploying a set of group policies on your internal servers that restrict the virus’s ability to spread to the network.
For a technical rundown of exactly what group policies should be put in place, please reference this: TechNet Software Restriction & AppLocker.
3 Email Spam filter
Does your email system have a spam filter? Probably – but does it inspect attachments on emails? Possibly not – make sure you have an email protection system in place that can do the job in the background.
It’s a bit like a firewall for emails inspecting all emails incoming and outgoing for malicious viruses.
A personal recommendation is Microsoft Exchange Online Protection.
4 Check backups are actually working.
If you do get hit by CryptoLocker, the process for recovery is to restore from your backup system.
99.9% of all backup solutions will send a notification to the IT department/provider to let them know if a backup has been successful or unsuccessful. However, 99.9% of all IT professionals will not actually test to see if you can successfully restore files from a “working” backup service. Get them to check this now and on a monthly basis.
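As an added illustration of the restore test described in step 4 (not part of the original article and not any backup product's own tooling): record a SHA-256 manifest of the files when the backup is taken, then restore a sample to a scratch folder and compare it against the manifest. The function names and sample files are constructed for this example.

```python
import hashlib
import os
import tempfile

EMPTY_SHA = hashlib.sha256(b"").hexdigest()

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large documents do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Run at backup time: map relative path -> SHA-256 for every file under root."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def verify_restore(manifest, restored_root):
    """Run after a test restore: report files that are absent, zero-length or altered."""
    report = {"missing": [], "changed": [], "empty": []}
    for rel, expected in sorted(manifest.items()):
        path = os.path.join(restored_root, rel)
        if not os.path.isfile(path):
            report["missing"].append(rel)
        elif os.path.getsize(path) == 0 and expected != EMPTY_SHA:
            report["empty"].append(rel)
        elif sha256_file(path) != expected:
            report["changed"].append(rel)
    return report

def restore_ok(report):
    """A restore passes only if every manifest entry came back byte-for-byte."""
    return not any(report.values())

def demo():
    """Constructed sample: three source files and a deliberately faulty restore."""
    files = {"invoice.pdf": b"%PDF sample", "budget.xlsx": b"cells", "photo.jpg": b"pixels"}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for name, data in files.items():
            with open(os.path.join(src, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(src)
        with open(os.path.join(dst, "invoice.pdf"), "wb") as f:
            f.write(files["invoice.pdf"])               # restored intact
        open(os.path.join(dst, "budget.xlsx"), "wb").close()  # restored as zero bytes
        return verify_restore(manifest, dst)            # photo.jpg never restored
```

Keep the manifest somewhere the file server cannot write to, so an infection that reaches the shares cannot alter it as well.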
5 Get your systems vaccinated.
If you’ve followed the last 4 steps and checked to make sure you are covered, the final step is to get your IT provider or department to deploy this security tool.
BitDefender Crypto/Ransomware Vaccine Free
It’s been specifically designed to help protect IT systems against the threat of ransomware. Most anti-virus solutions do not have this protection in-built and this additional software.