What is ransomware?

If you don’t know what ransomware is, chances are you’ve probably heard of it inadvertently from a friend, co-worker or in the news. From airports to hospitals and even hotel door locks, ransomware is a technology pandemic affecting businesses around the globe.

Ransomware, as its name implies, is a malicious computer program that attempts to lock down the data of an unsuspecting victim’s network until a ransom is paid (usually in the form of crytpocurrency such as Bitcoin). The reason I don’t refer to it simply as a “virus” is because ransomware can come in many forms – some of which now carry worm capabilities, making them much more difficult to combat than a standard computer virus.

 

Variants of ransomware that have received widespread coverage include:
CryptoLocker
WannaCry / WannaCrypt
Locky
Petya
Mamba
BadRabbit

 

Of course there are several others not listed here; far too many to name in a single article (which is all the more reason why  the ransomware epidemic appears to be downright scary at first glance).

 

 

Ransomware epidemic

How protected is your business against ransomware?

 

 

Why you should read this article

Many articles have been written on the subject, but in my opinion they only scratch the surface of what should be done to prevent such nefarious attacks. Because of the nature of how ransomware spreads (hint: it’s part social engineering), it can quickly bring a business to its knees before anyone knows what’s going on. Therefore, I feel it is important cover each compartment of the business, including:

-Employees
-IT department / System Administrators
-Managers

Read on ahead if you want to learn more!

 

 

Employees:

 

1. STOP what you’re doing and disconnect – DON’T power off

Yes you read that right – don’t power off your system. Instead, disconnect the network cable (or disable WiFi using the hardware key if working wirelessly on a laptop). The reasons for this are as follows:

  • Having the infection visible can make it easier for your IT department to diagnose
  • Some crypto-viruses have a weakness that stores the decryption key in a plaintext file, allowing your IT department to retireve the file and decrypt the drive without paying the ransom. Since full-disk encryption requires a reboot, if you power off or restart your system the drive will be encrypted and the file will be inaccessible.

 

2. Make a note of when the attack happened

Include date, time and the last thing you were doing when you got hit. More importantly BE HONEST. Everyone makes mistakes – phishing emails can be deceiving, and IT needs to track down the source of these emails in order to protect the company from further attacks.

 

3. Contact your IT department immediately

The longer you wait, the higher the chances the virus could infect another computer. Even if you disconnect, it’s possible you got the virus from another machine on your network. IT needs to track the infection as quickly as possible or the virus could take down the whole system.

 

4. Learn from your mistakes

Phishing emails and fake pop-ups can be extremely convincing, but they almost always have a tell. If you aren’t sure how to tell a phishing scam from the real deal, ask someone from your IT department to show you how – after all, it’s everyone’s responsibility to protect themselves, their customers and their co-workers from scams.

 

 

Stop ransomware

If you get hit with ransomware, stop what you’re doing immediately, disconnect from the network (but don’t power down) and contact your IT department

 

 

IT departments / System Administrators:

Note: If you’re a manager / business owner, feel free to skip over this part to the next section (but do pass it along to your IT department!) – it’s mostly tech jargon and mumbo-jumbo anyhow 🙂

 

1. There’s no substitute for a good backup

It sounds like a broken record by now, but believe it or not there are still a ton of IT departments out there who don’t follow proper backup procedures – meaning performed daily and taken off-site.

However, an even better option is a full continuity cloud solution like Datto. Why? Because this amazing technology not only takes the physical work out of off-siting (it automatically backs up your data to the cloud), but it also allows your business to continue operating in the event of a ransomware attack – simply spin up a backup copy of your servers on a separate network and you’re back in business. On top of that, datto also includes built-in ransomware protection that can detect and alert you of malicious patterns in your backups. Incredible!

Shameless self-promotion: As a Canadian Datto solutions provider, Perfect Leap ™ will be more than happy to help you size the device you need and order it for you – we’ll even help you install it.

 

2. There’s no substitute for a good antivirus

Another ‘broken-record’ rule hailing from the old days of tech that for some reason still gets neglected. I still run into clients using the built-in Windows Defender. Yes it’s better than nothing, but the detection rates are average, and unless you’re using an advanced (and costly) addition like Microsoft SCCM the control / reporting features leave something to be desired.

Instead, I recommend a dedicated threat protection platform from a proven and reliable provider – take ESET for example, who recently teamed up with Microsoft and Europol to take down the Andromeda Botnet.

ESET is lightweight and comes with a full control + monitoring console for system admins. It can be deployed to smartphones to act as an MDM and it’s cross-platform, meaning it works on Windows, Mac and Linux. More shameless self-promotion: If you’re in Canada, Perfect Leap ™ can get you an ESET license too!

 

3. Make sure you’re patched against the latest threats

Some patches require manual configuration – even if you’ve set up your systems to download and install them automatically.

A couple of notable exploits that can make you vulnerable to ransomware include:
MS17-010: EternalBlue
MS15-011: UNC hardening

Without going into too much detail (you’ll have to research and plan accordingly to implement these patches), the bottom line is that if you aren’t already, then you’ll want to start by actually reading the security bulletins Microsoft puts out.

 

4. Make sure you plug the holes on your network.

There’s more to fighting the bad guys besides making sure you have the latest patches. If you want your network to stand a fighting chance against ransomware attacks then you should disable the following:

  • Local Administrator rights – no user should have Local Admin rights PERIOD. If they do (it’s wise not to argue with the CEO), then it should be restricted to their own workstation.
  • Outdated protocols – The caveat is if you have old apps that still rely on old protocols, and truthfully if your software vendors are still insisting on using them you should seriously consider switching to a more modern application (data migration costs and all).
  • Remote code execution – Once upon a time, remote execution was a handy little tool IT departments could use to administer remote machines on their network. Now it’s just a magnet for malware; I recommend you do without it if at all possible.
  • Unsigned code – oft used to make Excel ride a unicycle while juggling and wearing a cape, macros are crafty pieces of VB code that have been around since the early days of Office + Excel. The problem with running privileged code on your systems is that even in the context of a spreadsheet or Word document it can be used to do evil, nasty things. It’s best to disable macros completely if your business doesn’t use them – but because we don’t live in a utopian macro-free world, there is an an alternative solution:
  • Consider implementing a 2-tier Public Key Infrastructure (PKI). This allows you to generate a certificate to digitally sign code on macros and scripts thus ensuring the code executed on the client-side is verified. If you’re a small shop, consider purchasing a certificate or setting up OpenSSL instead.

 

5. Educate your end-users

Probably the number 1 cause of ransomware is a well-meaning employee accidentally clicking an attachment on what they thought was a legitimate email from a customer / boss. This is what’s known as phishing a form of social engineering used to trick people into giving an attacker access to your systems. The famous hacker Kevin Mitnick was an expert at this – he’s since cleaned up his act and now runs a company that specializes in preventing – you guessed it, social engineering.

The problem with trying to prevent phishing attacks is that people in general are prone to forgetful and impulsive behaviors – one study even found that some people are willing to give up their passwords over a humble piece of chocolate! Since people are rewards-driven and prone to forgetful behavior, consider a little reverse psychology – try implementing a bounty-based rewards system for flagging malware e.g. whoever blocks the most phishing emails in a month gets some chocolate. No I am not joking – I’m 100% serious!

 

 

Perfect Leap Cloud IT backups provide ransomware protection

When it comes to ransomware there’s no substitute for having backups in the cloud

 

 

Managers / bosses:

Don’t think I’ve forgotten about you! In the beginning of the article I mentioned how I felt it was important cover each compartment of the business. Here’s why: As a leader, it’s your responsibility to make sure your IT people are:

  • Well-equipped – if your IT people don’t have the right tools for the job, it’s almost impossible for them to protect you and your company from malware attacks! Make sure you listen carefully when they’re explaining why they need a bigger budget this year.
  • Well-educated – if your IT people don’t know how to prevent attacks in the first place, how can they protect you from threats? Spend a little coin and send them back to school! Actually nowadays it’s easy to study for certificates using a plethora of online tools. But be very careful you don’t burn them out – that brings me to my next important point:
  • Well-rested – If your IT people are overworked to the point of exhaustion, they won’t be protecting you from much (if anything at all). As someone who has experienced burnout twice in my life, I can tell you it’s not good – and it will only end in heartache for all parties involved. Give your IT people extra time off for studying as well as just plain recovering – you will thank them later when they’re working their butts off @ 2 AM fighting to keep your business going.

Last but certainly not least: Seek out IT people who are pro-active, not reactive. Look for big picture thinkers and bring in as many of them as you can afford to protect your company from disaster!

 

 

Are you concerned about ransomware?

Don’t panic! @ Perfect Leap ™ we can help you protect your network from the latest threats.

We will:

  • Start from the bottom, analyzing every aspect of your business to identify common pitfalls and find out how you’re really using technology
  • Provide you with a color-coded scorecard so you can easily visualize the biggest risks facing your organization

But more importantly, we will make your IT proactive and efficient at stopping threats.

Why settle for optimizing your IT systems when you can optimize your business instead? Make the Perfect Leap™ to better IT today.

 

Make the Perfect Leap to IT-as-a-Service

We hope you enjoyed reading this article. Interested in learning more? Reach out to us and we will provide you a free consultation.

Privacy Policy

Tweet
Share2
Share
2 Shares