Ransomware represents one of the greatest threats to your data with studies indicating that ransom takers are specifically turning their focus towards smaller networks. Fox Business claims that 43% of ransomware targets in 2015 were small to medium-sized businesses. With the recent trouncing received by the IT world at the hands of WannaCry, network invaders are becoming emboldened to encrypt your data and stash it away until you pay up. And with a staggering 70% of business owners deciding to fork over the money, the incentive is strong. Ransomware is making a killing and your network may be next in front of the firing squad. But with the right know-how and cyber security culture in your office, you can survive the bloody war against malware.
How to Stay Safe
File Backup & Recovery Process
Businesses often become so wrapped up in the fight against malware that they forget the old-fashioned dangers of the world: floods, fires, famines (okay, maybe not so much), break-ins, mobile devices dropped down airplane toilets, tablets crushed in a fit of furious rage following a nasty Yelp review. The list goes on. Luckily, your IT department has years worth of readily available file backups, right? Just as we continue practicing tornado drills and fire evacuations, we should perpetually practice procedures for catastrophic data loss. Understand your recovery process and ensure that file backup is delegated to an accountable party. If the worst should happen and you find your files locked away by the Ransomware Bogeyman, you can let out a sigh of relief knowing that multiple copies of your precious data are stowed away in the closet or on the cloud.
Did you know that banks leave thousands of dollars in cash just sitting on the street corner every day? Yes, ATMS nationwide go unrobbed routinely because they are locked down tighter than Fort Knox. Good news! This approach can work for your data as well. By encrypting the data on your network, you can prevent network intruders from walking away with your files even if they manage to force their way into the system. Imagine the look on a burglar’s face when he walks into a house where everything is locked up in heavy-duty safes.
Microsoft disabled the automatic execution of macros in email attachments years ago, and for good reason. An example of social engineering, some phishers will attempt to persuade users into enabling macros on email attachments. If ever you are encouraged to enable macros, the request should be treated as more than a red flag. It’s a whole red flag factory. Double-check that your email settings have disabled macros.
The classic rule of thumb for attachments is to never open one if you’re unfamiliar with the sender. VBA droppers are an increasingly common delivery system for ransomware and can be packed away within several layers of file types like Russian nesting dolls or a data-thieving turducken. Even if you receive a harmless PDF file, that PDF file can hold an executable to launch a Microsoft Word file, which in turn is setup to launch an RTF file, and so forth until a VBA Dropper lands on your computer before you know what’s happened. So yes, it is time to have another all-hands meeting to drone on and on about not opening attachments from strangers. Seriously, your users are still opening suspicious attachments. Right this second (probably).
Your custodian doesn’t require administrator-level access to your network. In fact, very few of your employees should be given this level of clearance. The reason why? If attackers do manage to break in, you don’t want all of your users walking around with skeleton keys. Mitigate potential damage to your system by ensuring that employees are able to access and utilize the tools they need without requiring administrative access. For a better look at how not to tighten up your administrative model, check out how the NSA took a crack at it.
System Updates & Patches
WannaCry was a painful learning experience for many network administrators. For those of you still unaware, Microsoft released a patch that prevented the exploits targeted by WannaCry on March 14, 2017, a full two months before the May 12th ransomworm tore the world a new one. There is a very solid line separating those affected by the worm and those that were not: those of us who made it out unscathed (all of Firewalls.com’s customers, btw) kept our security patches up to date!
The war against ransomware is never-ending and we understand if morale is low. But your network is too important to leave to chance. The data doesn’t lie: ransomware attacks are on the rise and their campaign is turning towards small and medium-sized businesses. Let Firewalls.com be your private army in the battle against ransomware. We’re mean. We’re lean. We’re bad guy fighting machines.