Ransomware: Not A Matter Of If, But When
This is a statement we find ourselves often repeating. It’s not a threat or a way of getting a business to spend more money but a simple truth. The response we tend to get is “but we are just a small business” or “we have nothing of value worth stealing”. If your business has any form of data, it is valuable – to you.
Holding it to ransom is a clever move by cyber thieves and one that is working and extremely profitable. In fact, it is being said that ransomware is so profitable, cyber criminals are “abandoning their old ways of making money – stealing credit card numbers and bank account credentials – in favour of ransomware”.
After deployment, ransomware holds your data hostage by encrypting files and folders on drives, including local and attached (USB) drives, and can go as far as deploying itself onto other machines on the same network. It then demands that you pay a ransom, usually in Bitcoin, for the release of your data. Once your files have been encrypted, there is no way back without the encryption key and of course you must pay big money for this key. Ransoms demanded are reported to be anywhere from $4000 up to and beyond $25,000.
Ransomware isn’t only deployed via email. According to FBI Cyber Division Assistant Director James Trainor, “These criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.”
How do you prevent your business from becoming a victim of ransomware?
There are a number of ways you can do this. These are some of the key elements that, together, can provide a strong and long-lasting wall of defence for your organisation (all of these steps can also be applied to the home user).
Backup your data
Backing up your data on a daily basis will reduce your vulnerability to ransomware attacks. If your data gets locked/encrypted, you won’t have to pay that ransom to see it again. You may lose a day’s work (this may mean re-keying some data) but in comparison to losing everything, it’s a small loss.
Backing up onsite, however, does still come with a risk – ransomware is clever enough to seek out and destroy backup data. In fact, the ransomware attacks we have come across in the past week have actively sought out this data first. The creators behind this malware know that backups will save their victim. On-site backups are often done to external drives, connected to servers/machines via USB, and plugged in 24/7. If the backup drive is connected at the same time that the ransomware is deployed, that data can and will also be compromised.
An off-site/cloud backup is ideal and can be used in conjunction with an on-site solution if preferred. Because the off-site backup only ever creates a connection when the backup runs, if a user comes in the following morning and accidentally deploys ransomware throughout your organisation, your off-site backed up data will be safe and ready for restoration. Machines/hardware may still be damaged by ransomware, but your business can be back up and running if a copy of your data is intact.
Educate your staff
If an employee uses a computer that is connected to the internet or receives email, ensure that they have the knowledge they need to stay aware of these threats.
Users should not log in to any site that doesn’t show https:// because that site is not secure. Take another look at the address – is it actually the right web address or is it misspelled? Many of these websites appear to be legit but contain typos. A site, such as a banking site, should display https://, but the link may display http://. The domain .whatever may not be your bank’s regular domain. Because we humans tend to skim read, it is easy to be tricked into thinking that you are heading somewhere legitimate.
Users should be taught about the importance of not opening emails, clicking on links or opening attachments within emails, from people they do not know or do not normally receive mail from. These can also appear in web chat and users should be aware that these tactics are the same ones used in phishing emails.
Phishing emails from known organisations may appear to be legit, but if you hover your mouse over a link within these emails you may find that the link that appears is going to take you somewhere else entirely.
Users should be aware that any banking or government organisation (among many others) will never ask for your user name, password or any other personally defining information in an email. They will generally never send a zip file or Word document to you. In the instance that they do, it will be locked and a separate email will be sent with the password to open the file. A phone call will often initiate this kind of contact either from yourself or the institution.
Malware, both online and the kind that pops up in an email, is almost always easy to detect – it is full of grammatical and spelling errors and tends to read awkwardly.
It is better to delete a legitimate email from a legitimate source than it is to open something that you aren’t sure about. Emails can be re-sent. If an email does appear to be from someone you know, but not an attachment that you were expecting or would normally receive from them, pick up the phone. Ask the question. They themselves may have been compromised but taking that second step by asking is far better than putting your business at risk.
Firewalls
Firewalls are a necessary and extremely effective defence tool for any business, big or small. A good firewall will offer at least a 3-layer protection, a web blocker service which prevents ransomware (and other forms of virus/malware) from making its call back to ‘home’ and a deep inspection feature of all traffic and websites. This feature runs security scans even on encrypted web traffic. Of course these all need to be configured correctly but when they are, they are an ultimate tool of defence. (At F5 Solutions, we highly recommend, use and deploy WatchGuard Firewalls.)
Antivirus
Antivirus programs should never be your first or only line of defence. Most AVs will prevent most viruses and malware from infiltrating your systems but not all are created equal. An AV program is only as effective as its last update. Many AVs cannot detect or prevent ransomware from being deployed and if they do detect it, the damage may have already been done.
Patching
Ensure that patches are kept up to date and applied to all machines and servers within your organisation. Keeping machines updated won’t necessarily stop them from being attacked or the attacks from taking hold, but it is an important step that shouldn’t be overlooked. Patches are released regularly to address security as well as critical operating issues present on a machine.
No security solution is 100% foolproof and multiple steps will always need to be taken in order to protect your business. These elements of prevention are not ‘set and forget’ and will require ongoing updating, monitoring and changes as malicious software becomes smarter.
If your business has any form of data, then you have something worth stealing or holding to ransom.
Don’t forget: it’s not a matter of if, but when. Educate your staff, build your defence and stay vigilant.

F5 Solutions has been providing refreshing IT support for small-to-medium sized businesses since 2011. Our collective experience and industry service began as early as 1999.
We deliver IT support and services in Richmond, Windsor, Hawkesbury, Blue Mountains, and the Greater Sydney area. We also service customers with branches Australia-wide.