By Mike Andrews, Managing Director, NovaStor Corporation
We’re heading into the cold season and the common cold is well… common. A trip to the pharmacy presents us with endless options for making your week a little more bearable, but unfortunately, it’s after the fact. Colds keep evolving and staying one step ahead of medications.
Ransomware is similar to the common cold in the way that there is no foolproof preventative cure, its roots date way back, it continuously reinvents itself to find new methods of attack and overall, just makes your life miserable.
You’ve probably been seeing a lot of news about Ransomware lately due to the recent devastation executed upon high profile targets including universities, hospitals, and government agencies by strains that include names like WannaCry, Locky, Bad Rabbit, etc. The targets you probably don’t hear as much about are everyday small businesses, lawyers, dental offices, construction companies for example – who bear the lion’s share of these attacks.
We call it Ransomware because, in the moments that follow the breach of an unsuspecting victim, it locks down access to data on their system and then purports to provide the key for unlocking information, if a ransom is paid within a specified amount of time. Maybe.
Rule number one is not to pay a ransom as numerous cases exist where a victim has paid only to never receive the promised key. Also, who is to say that paying does not make you a target for future attacks?
Like the common cold, taking measures to prevent getting infected in the first place is the best way to deal with ransomware. You need to think prevention – Think smoke detectors over fire extinguishers. Investing the time in advance preparation will pay off in the long run when compared to the resources needed to deal with the aftermath.
To understand how to prevent ransomware attacks, it’s best to know how they work, what are the unique types of ransomware for identification, and what preventative actions to take.
Common types of Ransomware:
o Encrypts the files on a victim’s machine.
o Gives a time limit.
o The victim must pay a fee.
- Lock-Screen Ransomware
o Locks the screen.
o Demands payment.
o No files encrypted or affected.
- Master Boot Record Blocking
o The computer will not boot up.
o Ransom instructions displayed on the screen.
Educate your users – Schedule a meeting to discuss what threats look like, and what to avoid. How to store passwords and media. How to disconnect their machine safely from the network and who to contact if infected.
Scanning and filtering – Antispam/anti-phishing in place. Filter file attachments in email (.ece, .scr, .com, etc.). Show file name extensions in Windows, and disable macros (MS Office).
Patch early and patch often – Ensure that all server and workstation operating system is up to date with regular patch maintenance.
Configure intrusion prevention – Business-grade antivirus and firewall protection, with advanced filtering, centrally managed with alerting capability.
Test your backup solution – Ensure that you have the ability to restore in the event that prevention methods fail. Follow the 3-2-1 backup rule (3 backups, 2 different types of media, 1 offsite). Test restorability monthly.
With a cold, you can take every preventative measure in the world, and it can still get the better of you.
The same goes for ransomware. These attackers are continually changing their techniques and their code evolving to be smarter and trickier. All it takes is one person letting their guard down to create a break in your cyber defense security chain.
So if you do get hit with ransomware – follow these steps:
- Immediately disconnect infected systems from the network
- Disconnect from the internet until the situation is resolved
- Lock the source user accounts / Delete profile
- Identify the source of infection to warn other users
For a healthier winter season, be sure to take your vitamin C and talk to your system administrator about implementing a ransomware prevention checklist that your organization can live by. Here’s to you and your critical corporate data’s health… Gesundheit!
About the Author
Mike Andrews (https://www.linkedin.com/in/mikeandrews), is a 20-year veteran of the data protection and security software industry and serves as Managing Director of NovaStor Corporation. NovaStor® (http://www.novastor.com) represents “Backup for the Rest of Us” by empowering overwhelmed and underfunded IT administrator’s with all-inclusive, fast, highly scalable, budget-sensitive data backup solutions for both physical and virtual environments. NovaStor’s disruptive approach redefines service by including personalized local, expert-level professional services as part of every solution – helping ease the enormous expectation being placed on maintaining a working, compliant backup under even the strictest of budgets.