Ransomware Lessons

USB Hacks - @SeniorDBA

Ransomware is malicious software that attacks a computer or your entire network to force you to pay a fee (ransom) to regain access to your systems. If the fee is not paid within a set timeframe, the criminals who now have access to your systems will wipe the data. Since those systems are unavailable to your organization, most businesses are faced with a decision: pay the ransom and get back to business, or refuse to pay the ransom and risk losing customer data forever.

Like any other virus or malware, ransomware is usually downloaded from the internet, most often by clicking a suspicious link in an email or on a website.

A recent report showed that victims of malware paid about $24 million in ransom to these cyber-extortionists in 2015. That doesn’t include the millions of dollars paid for securing the remaining systems, replacing damaged systems, training, etc. Since there is money to be made by criminals, this form of attack is not going away anytime soon.

What lessons have we learned that can help protect your systems?

  1. Back Up Everything – Your essential data should be backed up to prevent the loss of that critical information. For your personal systems, that probably means all your photos, documents, etc. need to be saved in a location that isn’t on your laptop or tablet. For business systems, that probably means all your customer data, documents, payroll data, and business knowledge need to be saved in an off-site location. In the event of an attack, you simply wipe your computer systems and start from scratch via the last uninfected backup. Having a backup of all your data and files won’t protect you against being infected by ransomware, but it will significantly limit the damage from an attack that deletes or encrypts your data.
  2. Avoid Suspicious Links and Attachments – Criminals often rely on your curiosity to click on a link or attachment sent to you via email. You just need to ignore emails from people you don’t know, and never click on a link or open an attachment unless you are expecting the information and it comes from a trusted source. I know this is easier said than done, especially if you are in a position to get emails from strangers all the time. Be careful about clicking on any links that come via email, even if they appear to come from your bank or other trusted source. It’s safer to type in the URL directly into your browser so you’re absolutely sure you’re going to the correct site.
  3. Apply Vendor Updates – Many people have an immediate reaction to a new malware outbreak: Why hasn’t someone prevented this attack before it hits my computer? The vendor has probably figured out a way to block the attack and made it available to you for free, but you may not have applied the update to your system. Make sure your systems are configured to automatically apply vendor updates as quickly as possible.
  4. Anti-Virus Software – Install and update your anti-virus software. This software is never going to be 100% effective in blocking everything, but it can help prevent infection by common threats.
  5. Disconnect Infected Systems – Once you suspect your system may be infected, notify your IT department and get offline (unplug the network cable or disable Wi-Fi) as soon as possible. Once an infected system is quarantined, it can’t be used to attack other systems on your network, and that means you will save time and money during the cleanup process.
  6. Be Prepared to Wipe Systems – Assume you will get infected. Your fastest and cheapest option is to wipe the infected systems, reinstall the OS, and restore your important files from backup to the fresh systems. This means you must have a disciplined system for creating, verifying, and testing periodic critical system backups. You must also be prepared to reinstall client software, which means having easy access to installation software, license keys, configuration settings, etc. Following the other steps listed above may not let you avoid this step completely, but it seriously reduces the likelihood that you will need it.

WannaCry - @SeniorDBA

Not being infected by ransomware today doesn’t mean you are safe. This should be a wake-up call that tells you that you are not safe. While there is no way to guarantee that you’ll be safe from the changing nature of cyberattacks, there are some pretty easy ways to minimize the risk to yourself and your business.
