Ransomware: What Is It And How Can You Prevent It?
Recently, hospitals all over the country have been hit with a new kind of cyber-attack called ransomware. Alongside larger businesses, these hospitals have been proof positive that ransomware is rapidly becoming the tool of choice for hackers looking to profit off their illegal activities.
Basically, ransomware is a kind of cryptographic malware. It’s a computer virus designed expressly to hold data, not destroy it, in order to create profit for the hacker by demanding a ‘ransom’ in order for the data to be released. The infection’s payload encrypts the data on any hard disks or mapped network drives that the machine is currently using, creating a disaster recovery scenario for a business.
Organizations only have two choices when they are hit by ransomware; pay the ransom fee or restore their data from backups. Neither of these options are fun to execute, but many businesses simply pay the ransom in order to get their data back.
Ransomware Costs Businesses $325 Million Per Year
Ransomware has created incredible revenue for hackers, into the hundreds of millions of dollars and rising. High-profile ransomware attacks have impacted hospitals, police stations, financial organization, law firms (as in the Panama Papers situation), and more.
The FBI reports that 90% of all data breaches are avoidable. In the case of ransomware, most businesses can extinguish the fear of ever receiving a popping up a message on the users screen asking them to transfer bitcoins in order to regain access to company data.
How to Deflect Ransomware Attacks
IT staff must adhere to strict guidelines in terms of what they will allow their users to do on their network. In addition, it is critical for your IT staff to ensure that your organization has reduced its attack surface. Here’s a few tips on how mitigate the threat of ransomware on your network:
Update Your Systems Early & Often
Your business should always install critical Windows Updates from Microsoft through a distribution suite such as WSUS.
Vulnerable components such as Adobe Flash, Java and Silverlight should be updated as soon as possible to avoid an exploit from taking place. While your company’s employees may find it tempting to just hit “postpone” on those annoying update pop-ups, it’s imperative to install those updates in order to close vulnerabilities before they are exploited.
Use a Robust Firewall with Advanced Content Filtering Settings
Your business should create a perimeter around its connections to the outside world by setting up strict content filtering policies. Many firewalls let you get granular enough to configure settings such as:
- Block Specific Geographic Regions from Connecting to your Network
- Filter Websites by Category or Content Rating
- Lock Down VPN Policies w/ Industry Recognized Encryption
- Implement Intrusion Prevention Policies
- Filter & Prevent suspicious XML files, Port Scans and Advanced Attacks
Consider Locking Down Your Systems with Group Policy
Consider what applications run on your network and how they communicate with the outside world. To prevent ransomware from happening, organizations can use Windows group policy to lock down vulnerabilities in their Windows network.
Configure the Windows Firewall and create a whitelist for applications to operate upon your network. If the application is blacklisted, it shouldn’t run.
You could also use group policy to lock down common locations in which malware breeds on systems. Organizations can configure a whitelist of file types that can run in these locations, with all other types being denied the access to launch.
Change the Way You Think About File Shares
If an individual PC is hit with ransomware in your business, you may be able to sustain day to day activities while your IT crew provisions a new PC. If the ransomware infects your file servers, you could have a major problem.
Most ransomware uses a legitimate process called SVCHost.exe. This app facilitates connections to file servers from local PCs that are connected using mapped drives. If your businesses uses mapped drive letters to share data, you may want to rethink this practice.
As an alternative, a network administrator could create a policy disabling mapped drives while simultaneously deploying UNC paths as shortcuts to the network locations onto the user’s desktop. This dramatically reduces the impact of a ransomware attack, should one sneak through the cracks.
Consider 3rd Party Solutions
Many organizations rely upon third party solutions to help reduce the attack surface of ransomware.
One popular solution is Microsoft EMET, which creates another layer of protection on systems for users that are required to have Adobe Flash, Java, Silverlight and other vulnerable apps on their systems.
Malwarebytes has a new solution called Anti-Ransomware, which does exactly what it says that it will do. Popular AV vendors such as Kaspersky has released tools to complement traditional AV platforms, considering the fact that many AV platforms have been unsuccessful in mitigating ransomware attacks.
Stay Informed About the Latest Ransomware Attacks
Ransomware has become a lucrative endeavor for hackers, making it more likely that they will try to innovate an attack that targets an unnoticed weakness on your network.
The best offense is a good defense and the first line of defense against ransomware threats is intelligence.
Stay up to date on the latest crypto malware attacks. Consider setting up a Google Alert on the topic “Ransomware” so that you can get the latest scoop on an attack. That way, you’ll always be able to know what to lockdown in order to never have deal with the impact of an attack.
If you’re concerned about your possible vulnerabilities to attack and want to ensure that you are protected, give BACS a call! We’d be happy to schedule your IT Security Audit and take a look at your system, checking for weak spots and ways that a hacker might get in. We’ll build a personalized recommendation to help you decide on the next step to take in keeping your company secure. You can reach us by phone at (650) 887-4601 or contact us online at any time.