Businesses both large and small are under threat from increasingly aggressive and brutal ransomware attacks. Loss of access to critical files, followed by a demand for payment can cause massive disruption to an organization’s productivity.
But what does a typical attack look like? And what security solutions should be in place to give you the best possible defence?
This note examines commonly used techniques to deliver ransomware, looks at why attacks are succeeding and gives nine security recommendations to help you stay secure. It also highlights the critical security technologies that every IT setup should include.
Ransomware is one of the most widespread and damaging threats that internet users face. Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of file-encrypting ransomware variants delivered through spam messages and Exploit Kits, extorting money from home users and businesses alike.
The current wave of ransomware families can have their roots traced back to the early days of Fake AV, through “Locker” variants and finally to the file-encrypting variants that are prevalent today. Each distinct category of malware has shared a common goal – to extort money from victims through social engineering and outright intimidation. The demands for money have grown more forceful with each iteration.
The financial consequences can be severe. The Hollywood Presbyterian Medical Center reportedly paid 40 Bitcoins ($17,000) to regain access to its files, while the Kansas Heart Hospital despite paying an undisclosed sum, was faced with a second ransom demand and not given access to all of its files.
Ransomware attacks start in two main ways. A booby-trapped email with a malicious attachment or via a compromised website; which then work their way down to your endpoints and servers.
To stop these attacks, it’s critical that you have advanced protection technology in place at each stage of the attack and combine this protection with good user security practices.
Nine best security practices to apply now
Good IT security practices, including regular training for employees, are essential components of every single security setup. Make sure you’re following these nine best practices:
1. Backup regularly and keep a recent backup copy off-line and off-site
Offline and off-site means ransomware can’t get to it. With recent backups data loss can be minimized.
2. Enable file extensions
4. Don’t enable macros in document attachments received via email
A lot of infections rely on persuading you to turn macros on, so don’t do it!
5. Be cautious about unsolicited attachments
If you aren’t sure – don’t open it. Check with the sender if possible.
6. Don’t have more login power than you need
Admin rights could mean a local infection becomes a network disaster.
7. Consider installing the Microsoft Office viewers
These viewer applications let you see what documents look like without opening them in Word or Excel.
8. Always keep your software up to date
If possible make sure automatic security updates are enabled on your software. This reduces the risk of being exploited by ransomware.
9. Stay up-to-date with new security features in your business applications
For example Office 2016 now includes a control called “Block macros from running in Office files from the internet”
Please feel free to distribute these notes.