What is ransomware?
Ransomware (as the name implies), is a malicious computer program that locks down the data on an unsuspecting company’s network, making their data inaccessible until a ransom is paid (usually in the form of crytpocurrency such as Bitcoin).
Ransomware also comes in many forms, some of which now carry worm capabilities, making it much more dangerous to combat than a standard computer virus.
Variants of ransomware that have received widespread coverage include:
-WannaCry / WannaCrypt
Of course there are several not listed here; too many to name in a single article (all the more reason why ransomware is downright scary).
Who this article is for:
Because of how ransomware spreads (it’s part social engineering), it can bring a business to its knees before anyone knows what’s going on. Therefore, we’ll cover how three key roles of the business need to act:
- IT department / System Administrators
1. STOP what you’re doing and disconnect – DON’T power off
Yes you read that right – if you suspect a ransomware attack, don’t power off your system. Instead, disconnect the network cable (or disable WiFi if working wirelessly). The reasons for this are as follows:
- Keeping the infected system up makes it easier for your IT department to diagnose the problem
- Some crypto-viruses have a weakness that stores the decryption key in a plaintext file, allowing IT to decrypt the drive, so long as you *don’t reboot*
- Since full-disk encryption requires a reboot, if you power off or reboot your hard drive will be encrypted & inaccessible, so don’t do this.
2. Make a note of when the attack happened
Include the date, time + the last thing you were doing when you got hit. Everyone makes mistakes – phishing emails can be deceiving; IT needs to track down the source in order to protect the company from further attacks.
3. Contact your IT department immediately
The longer you wait, the more likely the virus will infect another computer. Also, it’s possible it spread from another machine on your network. IT needs to track the malware as quickly as possible or it could take down the whole network.
4. Learn how to identify fraud
Phishing emails & fake pop-ups can look convincing, but they almost always have a tell. If you aren’t sure how to tell whether an email is the real deal, ask someone from your IT department to show you how. When it comes to ransomware, it’s everyone’s responsibility to protect against fraud.
IT departments / System Administrators:
1. There’s no substitute for a good backup
Believe it or not, there are still many businesses who don’t follow proper backup procedures – meaning backups need to be performed daily and stored off-site.
However, an even better option is a full continuity cloud solution: This amazing technology takes the physical work out of off-siting and your business stays running in the event of a cyber attack. If you get attacked, your IT department can spin up copy of your servers in the cloud and you’re back in business within minutes. On top of that, modern solutions offered by Perfect Leap™ also come with built-in ransomware protection that can detect and alert you of malicious patterns in your backups. Awesome!
2. There’s no substitute for a good antivirus
There are still some businesses out there using Microsoft’s built-in Windows Defender. Yes it’s better than nothing, but the detection rates are average at best when compared to an enterprise solution, and unless you’re using an advanced (and costly) addition like Microsoft SCCM the control / reporting features leave something to be desired.
Instead, we recommend a dedicated threat protection platform from a proven & reliable cyber security provider.
3. Make sure you’re patched against the latest threats
Some patches require manual configuration – even if you’ve set up your systems to download and install them automatically.
Without going into too much detail (you’ll have to research and plan accordingly to implement these patches), the bottom line is that if you aren’t already, then you’ll want to start by actually reading the security bulletins Microsoft puts out and implementing them as soon as possible.
4. Make sure you plug the holes on your network.
There’s more to fighting the bad guys besides making sure you have the latest patches. If you want your network to stand a fighting chance against ransomware attacks, disable the following:
- Local Administrator rights – no user needs Local Admin rights PERIOD. If they do (it’s wise not to argue with the CEO), then it must be restricted to their own workstation.
- Outdated protocols – Some companies have old apps that still rely on old protocols. That said, if your software vendors insists on using them, consider switching vendors to one who offers a more modern application.
- Remote code execution – Once upon a time, remote execution was a handy little tool IT departments could use to administer remote machines on their network. Now it’s just a magnet for malware; I recommend you do without it if at all possible (or restrict access to a separate dedicated IT VLAN if needed).
- Unsigned code – oft used by accounting departments & clever employees to make Excel do things it was never designed to, macros are crafty pieces of code that have been around since the early days of Microsoft Office. The problem with running privileged code on your systems is, even in the context of a spreadsheet it can be used to do evil, nasty things. It’s best to disable macros completely if your business doesn’t need them.
5. Educate your end-users
Perhaps the number one cause of ransomware is a well-meaning employee accidentally clicking an attachment on what they thought was a legitimate email from their boss. This is what’s known as phishing – a form of social engineering used to trick people into giving an attacker access to your systems. The famous hacker Kevin Mitnick was an expert at this.
The problem with trying to prevent phishing attacks is that people in general are prone to forgetful & impulsive behaviors; one study even found that some folks are willing to give up their passwords over a piece of chocolate! Since people are reward-driven and prone to impulsive behavior, consider including how to spot phishing as part of the employee training manual.
Managers / bosses:
No business owner wants to be caught off guard in front of their staff and customers. The last thing you want is to have to explain to your clients why they need to replace their credit cards, or how your employees Social Insurance Numbers were stolen.
Therefore, as a leader, it’s your responsibility to make sure your IT is:
- Well-equipped – if your IT people don’t have the right tools for the job, it’s almost impossible to protect you and your company from malware attacks. Make sure you budget properly for IT costs now as well as the future.
- Well-educated – if your IT people don’t know what they’re doing, how can they protect you? Nowadays, most cyber security courses are available online. But: careful not to burn them out – that brings me to my next point:
- Well-supported – If your IT people are overworked, they won’t protect you from much (if anything). Burnout only ends in headache for all parties involved. Make sure your team is big enough to handle the task at hand.