Ransomware in the Air – Strategies to Prevent and Protect
Unless you’ve been living under a rock, you’ve probably heard about the latest flavor of cybercrime that is circulating the internet – Ransomware. As an experienced technician who has encountered this threat several times throughout its development, I’d like to spend some time today discussing what it is and what we can do about it.
Imagine that you are working on a deadline and you need to retrieve valuable client data stored on one of your server shares. You go to open the file and receive an error message that the file is unreadable. In the same folder you see a new file called DYCRYPTMYFILES.TXT. You open this file to reveal a note from a smug hacker. “Send 500USD in bitcoins to a specified address or lose access to your files permanently,” it says. Browsing through your folders you quickly discover that you cannot open any of the files! Worse – you call your IT professional and they tell you that there is no way they are getting those files back. They are gone for good.
How do you think a scenario like this would affect the operation of your business? How quickly do you think you could recover and get back to normal working order? How much do you think it would cost? It is unfortunate to say that many businesses will ultimately pay the hackers what they want in order to retrieve business critical data that they cannot recover by any other means. For this reason, the ransomware industry is growing rapidly and the malware programs themselves become increasingly more sophisticated.
Right Hand Technology Group heavily discourages anyone from giving in and paying the ransom. While we do recognize that there can be situations where this is the only remaining way to regain access to business critical data, there really is no guarantee that the hackers will actually decrypt your files. In addition, paying the ransom will flag you as a successful target, and you are very likely to be targeted again.
So what exactly is going on here? At its core, ransomware is just like any other virus or malware except that it wants to target your data and “hold it for ransom”. It does this by using encryption on any of your files that it can find – Word documents, spreadsheets, PDFs, pictures, music, databases, etc. Encryption scrambles the data within those files, rendering them unreadable and virtually useless. The hacker possesses the decryption key (what is needed to unscramble the data back to normal) and offers to return the files to the user in exchange for a sum of money, typically payable in bitcoins. The hacker may also threaten to delete the key if the user does not act within a declared period of time.
Every business today should have knowledge of this threat and know how to protect themselves from it. I have narrowed down three major areas of focus that a business can use to accomplish this.
- Awareness training
- Good security practices
- Keeping good backups
I will touch a little on all three.
The weakest link in your network’s security chain is – and always will be – the user. You can spend thousands on the best security firewalls and intrusion detection equipment and it will do you no good if Barry from Accounting mistakenly initiates a virus program.
Ransomware usually begins with a fraudulent email. They purport to be from a trusted source, i.e. your bank, one of your contacts, or known entities such as UPS, FedEx, or ADP. These emails always contain a clickable link or attachment that the user should click on to view more information about the email. This is the bait, because once that user clicks it will immediately and silently begin to execute ransomware code. Employees should be trained to use caution when opening any email attachment or clickable link. In today’s world it has even become a common practice to “spoof” email addresses, making them appear as coming from a trusted sender. For this reason, a simple phone call could be all that is needed to verify whether an email is legitimate. Training should occur on a repeated basis to make sure employees have knowledge of current threats, what to look for, and how to deal with them. When the users have knowledge beforehand they are much more likely to recognize a fraudulent email or webpage. Additionally, in the event that a computer becomes compromised, you want that employee to recognize what occurred, act quickly and notify a network admin so that damage can be mitigated quickly.
The key here is remembering that it is not good enough just to have a policy. Barry needs to be made aware of, and refreshed on the policy if you want him to become effective at detecting fraudulent communications. In order to assist businesses with achieving this end, Right Hand Technology group offers an in depth training program that can simulate actual attacks, giving your employees the edge they need.
Good Security Practices
You always want to be sure you are following good security practices with your network regardless of the threats involved. Here I am referring to technical controls and equipment that you can use to limit any unauthorized access. For example, having a firewall is great for your network’s security, but can be meaningless if not properly configured.
Most strains of ransomware require the user to unknowingly download and execute malware code. One way to counter this is by limiting administrative access to user’s computers when they don’t require it. Processes that install software and change the registry require administrative access in order to work. In this scenario, if Barry clicks on the bad email link, the ransomware may download but cannot execute because Barry does not have administrative rights to the computer. This is known as the Principle of Least Privilege, and it is a good all-around security measure that will defend against more than just ransomware.
Another useful tip to prevent ransomware is to utilize a spam filter. Most email hosting providers have this feature built right in, but some do not. Check to see if your organization uses spam filtering, and find out how to implement it right away if you do not. As stated previously, ransomware likes to worm its way in via fraudulent emails. Having a spam filter in place doesn’t provide a foolproof safeguard, but it can drastically reduce the quantity of these emails that make it through to user’s inboxes.
There are many other good practices that business can follow to protect themselves and their data. Right Hand Technology Group offers security audits to help you see clearly the current state of your network. Often, our technicians can discover ways to increase your network’s security with the assets and controls that are already in place!
Keeping Good Backups
The power of keeping regular backups cannot be overstated. A good backup solution takes backups regularly, they are redundant, and they are stored both locally and offsite. Gone are the days of fighting with tape backups and praying that they work when called upon. In 2016, a small business can purchase an effective solution for about the cost of a cell phone plan – which is nothing compared to the financial cost of losing valuable client data to ransomware, or any type of disaster for that matter. A business that keeps good backups of their system cannot be harmed by the effects of ransomware – aside from the downtime involved with removing the infection and restoring good copies of data. Good employee training and controls are always most effective when combined with a reliable backup system.
In this scenario, Barry’s infected computer is cleaned of malware and good copies of encrypted data are loaded from backups. The business may suffer temporary downtime and inconvenience, but ultimately they will make a full recovery.
A strong backup solution is your ultimate protection against data loss for any situation. If you do not have a suitable backup solution, talk to us about how we can help you get to where you need to be. To view quick and easy solutions for single computer backups, check out http://backup.rhtg.net.
GET YOUR FREE RANSOMWARE RECOVERY TIPS
Worst case scenario? If you have already been infected with ransomware, we’re ready to help. Fill out the form below for a free recovery tip sheet.
Right Hand Technology Group is a managed service provider offering custom IT solutions for any size business, large or small. Our team has the experience and knowledge to protect your network from ransomware and other threats. Don’t wait for disaster to strike – call us today at 844.254.RHTG (7484).