Century IT blog

Ransomware Protection Advice

September 3rd, 2016

 

We have had many enquiries from businesses about ransomware and what they can do to reduce the chances of being infected or losing data.

 

Unfortunately, we have also had enquiries from businesses asking for help with data recovery after being hit by ransomware.

 

 

What is Ransomware?

 

Ransomware is a new type of virus technology which is prolific across the internet.

 

It has become so commonplace that more customers are being affected by this type of virus than by any other type of virus at this time.

 

It is usually spread through email spam, as an attachment or a clickable link within an email.

 

Ransomware relies on 2 specific tactics to infect your computer:

 

·       Delivery of virus / mechanism through spam email

 

·       Activation of the virus through human error or lack of judgement

 

 

I have Anti-Virus software so I am protected – WRONG

Unfortunately, you could not be more wrong. In an ideal world your anti-virus software would detect and stop every virus, and the whole topic of viruses and ransomware would be something you read about in history books.

 

This ideal scenario doesn’t exist at present, and probably won’t for as long as money can be made by extorting businesses and individuals.

 

Why isn’t it being detected by my Anti-Virus software?

A recent study by the global anti-virus software manufacturer Sophos found that there were around 20,000 different variants of ransomware being created every day. New variants appear faster than anti-virus software can be updated to recognise them.

 

How Can I Get Infected?

Ransomware viruses are man-made. They are propagated through email and activated through user intervention and lack of human judgement.

 

 

What can I do to reduce the Risk of Ransomware?

There is no single silver bullet here, but there are a number of steps you can take to reduce your risk of exposure to ransomware:

 

1)      Backup often and keep numerous previous backups or file versions

 

Ransomware will hijack your files and turn them into a format which you will no longer be able to read without paying a ransom.

 

A business which has no data can’t operate and will go into liquidation.

 

Having a wide choice of backups to restore from reduces your risk of data loss exponentially.

 

2)      Try to use offline backup types, i.e. ones that are physically removed from the network once you have backed up your data.

Try not to use hard drives and NAS Drives as your primary backup medium.

Ransomware spreads by infecting and copying itself to all network drives and shares. This means that it will not only infect your data; it could also infect your backups and render them useless.

Hard drive backups or NAS drive backups should be considered a poor man’s backup. Due to their physical constraints they are in effect just a hard drive on the network, primed to be infected by any slightly capable virus.
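
The reasoning in steps 1 and 2, as an added example that is not part of the original post: given a backup inventory and the time an infection started, it shows which backups are still usable and which one to restore from. The inventory, the dates and the function names are constructed for illustration.

```python
from datetime import datetime

# Constructed sample inventory (not from the original post): when each backup
# was taken and whether the medium was removed from the network afterwards.
BACKUPS = [
    {"taken": datetime(2016, 8, 22, 19, 0), "medium": "tape", "offline": True},
    {"taken": datetime(2016, 8, 29, 19, 0), "medium": "tape", "offline": True},
    {"taken": datetime(2016, 8, 31, 19, 0), "medium": "nas", "offline": False},
    {"taken": datetime(2016, 9, 1, 19, 0), "medium": "nas", "offline": False},
    {"taken": datetime(2016, 9, 2, 19, 0), "medium": "usb-disk", "offline": True},
]

def assess(backups, infected_at):
    """Classify each backup relative to the time files began to be encrypted."""
    report = []
    for b in sorted(backups, key=lambda b: b["taken"]):
        if b["taken"] >= infected_at:
            status = "contains encrypted files"  # the backup copied the damage
        elif not b["offline"]:
            status = "at risk (reachable from network)"
        else:
            status = "safe"
        report.append((b["taken"], b["medium"], status))
    return report

def best_restore_point(backups, infected_at):
    """Newest backup taken before the infection and held offline, or None."""
    safe = [b for b in backups if b["offline"] and b["taken"] < infected_at]
    return max(safe, key=lambda b: b["taken"]) if safe else None

def days_of_work_lost(backups, infected_at):
    """Whole days between the chosen restore point and the infection."""
    point = best_restore_point(backups, infected_at)
    return None if point is None else (infected_at - point["taken"]).days

if __name__ == "__main__":
    infected = datetime(2016, 9, 2, 10, 30)  # hypothetical time of infection
    for taken, medium, status in assess(BACKUPS, infected):
        print(f"{taken:%Y-%m-%d %H:%M}  {medium:<9} {status}")
    point = best_restore_point(BACKUPS, infected)
    print("restore from:", point["taken"] if point else "nothing usable")
    print("days lost:", days_of_work_lost(BACKUPS, infected))
```

With only the NAS entries in the inventory, `best_restore_point` returns `None`, which is the situation step 2 warns about.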

 

3)      Patch often and early

 

You should ensure that all computers, laptops, tablets and servers are patched early and often.

 

When considering patching, the immediate thought is Microsoft Windows, but you should also look at other software which will need patching, e.g. application servers, Adobe Reader, Flash, Java, Zip programs, etc.

 

One of the most frequent comments we hear from business owners is that they don’t want their I.T Systems patched because they don’t want the disruption, can’t afford the downtime or a reboot, or perhaps at some point in the past an update caused a problem.

 

Whilst I appreciate that patching can be a very time-consuming and disruptive thing to do and carries a risk, the worst thing you can do is to not patch or reboot once in a while.

 

The time-consuming element can be reduced to almost zero by your I.T Support company automating patching of all I.T Systems and scheduling automatic reboots for a time of the day or week when disruption is minimised.

 

If you don’t have an automated patching system, please contact us for advice.

 

4)      Running old or out of date Windows, Servers or Applications

 

The easiest way to burgle your house is via the weakest entry point, one where there is the least security and no one looking. A computer system is no different.

 

But even in today’s modern businesses we see companies running old or out of date computer systems, ones that have long been retired by Microsoft and are so old they are deemed insecure.

 

If I had a pound for every time I saw a copy of Windows XP, Windows Vista or Server 2003 running in a business, I would have retired a long time ago.

 

Whilst I appreciate that replacing a whole I.T System is a very expensive day out, I would try to encourage business owners to operate planned obsolescence in their I.T.

 

A planned expenditure is far easier to manage than one which is unexpected.

 

For example, suppose you have a 12-user network and want to ensure you have replaced all of your workstations within 3-4 years. The worst thing you can do from a financial perspective is to keep putting off I.T replacement until all of the computers are so old that they need replacing at once.

 

A better method would be to have an I.T replacement plan where the oldest computer is not more than 3 or 4 years old and computers get replaced at staged intervals.

 

5)      Engineer a layered defence to your I.T Systems

 

This is probably a topic which you should speak to your I.T Support company about.

 

The more layers of defence your I.T System has, the more difficult it can be for a virus or ransomware to destroy your business.

 

i)                    Restrict access rather than giving all employees access to all data. Ask yourself, is this really necessary?

 

A better way would be to divide up the data by department or job role. For example, does your Sales department need access to the account data, or vice versa? Does your Sales department need access to the Technical department’s data?

 

If not, restrict access and you minimise the risk of one mistake wiping out all of your data.

 

ii)                   Employ a robust firewall and a dual-layer spam filtering system from different providers.

 

iii)                 Ensure you don’t have just anti-virus software!!

 

No, this doesn’t mean exactly that. What I mean is that the days of needing just anti-virus software are long gone, and what you really need is an Endpoint Protection System.

 

An Endpoint Protection System will of course check for viruses, but will do so much more. For example, it will provide application control, website filtering, a mechanism for stopping a user circumventing the protection software, central management and alerting for all computers, etc.

 

 

6)      User education

 

This is an area which most businesses can address for themselves for very little cost.

 

If you remember from the above, viruses and ransomware rely on a user doing something, i.e.:

 

Clicking on a link or clicking and opening an attachment

 

Computer users should be educated as follows:

 

i)                    Users should not open every suspicious email or piece of spam, and certainly should not be clicking on email links

 

ii)                   Emails, attachments and links should be deemed as suspicious and potentially dangerous unless known otherwise

 

iii)                 Users should not disable or circumvent anti-virus or endpoint protection systems

 

iv)                 Users should reboot their computers and allow patching when prompted to and not always hibernate their computers

 

v)                   Users should report any lapse of judgement immediately; the more time ransomware has, the more damage it will cause.

 

vi)                 Businesses should have an I.T Policy that employees must read and be acquainted with and agree with

 

 

The best way to protect your business against the damaging effects of Ransomware is to follow our 6 step advice plan above.

 

If you would like to discuss your own business challenges with an Experienced I.T Support Person, why not give us a call or come into our offices in Totton.