Ransomware

  • 0

Ransomware

Category : security

Introduction

Businesses both large and small are under threat from increasingly aggressive and brutal ransomware attacks. Loss of access to critical files, followed by a demand for payment can cause massive disruption to an organization’s productivity.

But what does a typical attack look like? And what security solutions should be in place to give you the best possible defence?

This note examines commonly used techniques to deliver ransomware, looks at why attacks are succeeding and gives nine security recommendations to help you stay secure. It also highlights the critical security technologies that every IT setup should include.

Ransomware

Ransomware is one of the most widespread and damaging threats that internet users face. Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of file-encrypting ransomware variants delivered through spam messages and Exploit Kits, extorting money from home users and businesses alike.

The current wave of ransomware families can have their roots traced back to the early days of Fake AV, through “Locker” variants and finally to the file-encrypting variants that are prevalent today. Each distinct category of malware has shared a common goal to extort money from victims through social engineering and outright intimidation. The demands for money have grown more forceful with each iteration.

The financial consequences can be severe. The Hollywood Presbyterian Medical Center reportedly paid 40 Bitcoins ($17,000) to regain access to its files, while the Kansas Heart Hospital despite paying an undisclosed sum, was faced with a second ransom demand and not given access to all of its files.

Ransomware attacks start in two main ways. A booby-trapped email with a malicious attachment or via a compromised website; which then work their way down to your endpoints and servers.

To stop these attacks, it’s critical that you have advanced protection technology in place at each stage of the attack and combine this protection with good user security practices.

Nine best security practices to apply now

Good IT security practices, including regular training for employees, are essential components of every single security setup. Make sure you’re following these nine best practices:

1. Backup regularly and keep a recent backup copy off-line and off-site

Offline and off-site means ransomware can’t get to it. With recent backups data loss can be minimized.

2. Enable file extensions

Enabling extensions makes it much easier to spot file types that wouldn’t commonly be sent to you and your users, such as JavaScript.

3. Open JavaScript (.JS) files in Notepad

Opening a JavaScript file in Notepad blocks it from running any malicious scripts and allows you to examine the file contents.

4. Don’t enable macros in document attachments received via email

A lot of infections rely on persuading you to turn macros on, so don’t do it!

5. Be cautious about unsolicited attachments

If you aren’t sure don’t open it. Check with the sender if possible.

6. Don’t have more login power than you need

Admin rights could mean a local infection becomes a network disaster.

7. Consider installing the Microsoft Office viewers

These viewer applications let you see what documents look like without opening them in Word or Excel.

8. Always keep your software up to date

If possible make sure automatic security updates are enabled on your software. This reduces the risk of being exploited by ransomware.

9. Stay up-to-date with new security features in your business applications

For example Office 2016 now includes a control called “Block macros from running in Office files from the internet”

Please feel free to distribute these notes.

 


Call us

01792 422616

Read our Blog

Donate to Siavonga Project

Contact Us