Preventing and recovering from a ransomware attack

It’s been almost a year since a zero-day ransomware attack called WannaCry infected hundreds of thousands of machines all over the world. Hackers encrypted files on infected computers and attempted to extort a ransom from their victims. Those infected with WannaCry were initially demanded to pay $300 in Bitcoin. Those affected were exploited by unpatched vulnerabilities in the Windows SMB service. Microsoft knew of the potential threat months before however, several businesses do not keep up on their patches which caused them to be an easy target for a WannaCry attack.

Every year, hackers become more sophisticated with the way they attack our digital infrastructure. In 2015, nearly 2,500 ransomware cases were reported to the Department of Justice’s Internet Crime Center (IC3), and $24 million were paid in damages. The monetization of malware is becoming a billion dollar industry. In today’s environment, malware needs to produce revenue, not just be disruptive.  It you IT admin’s duty to stay ahead of these attackers to keep your information safe and not succumb to millions of dollars in losses.

How to stay a step ahead from ransomware groups

Just like any war, the war on our cybersecurity is no different. Creating a plan is the first step to staying secure in this ever-changing digital space.

1.  Be Aware

Ransomware attacks continue to occur at an alarming rate, and they can happen to you. With government agencies also being attacked this is not just a business or private user matter. Over 321 reports of ransomware-activities affected 29 different organizations since 2015. We are not invincible from these kinds of attacks. Knowing they exist and informing our staff of the potential threat gives us the upper hand in preventing our data from being at risk.

2.  Get patching

According to the Department of Homeland Security’s United States Computer Emergency Readiness Team, as many as 85 percent of all targeted attacks can be prevented by applying a security patch. Consistently keeping up to date with patch updates will significantly reduce the chance of a malware infection.

3. Managing and backing up your files

It is not enough that you backup your files in one location, you need to keep your data backed up in two to three places at the very least. Ransomware professionals will know to compromise your ghost files. It is your job as the IT authority in your organization to keep your offline and online data up to date. Create a schedule and a log for you and your staff to keep track of when your files are backed up and where.

Having both an online and offline backup keeps your information safe and easy to recover in the event you find data compromised. Ransomware attackers will not have the capability to access your online files, however, before reinstating the information, be sure that there is no longer any malware on your servers.

4. Train your employees for potential attacks

Teach your staff about the importance of not opening emails that could potentially house malware. Also, employing anti-spam and anti-phishing blockers protects against any infection to your devices. All of the computers within your organization are connected so one download by any employee could cost your organization thousands or even millions of dollars.

Restricting any download of software to the computers within your organization is highly recommended. We recommend that there are policies in place regarding the personal use of your computers. A simple game downloaded could have hidden malware. Your employee’s happiness to listen to their favorite downloaded station is not worth the hours and money spent fixing infrastructure issues.

What if I do fall victim to ransomware?

Hopefully, setting preventative measures in place will prepare you if your system is compromised by ransomware. The first few hours of the attack are critical and need your attention immediately.

1. First, an IT professional. They are the experts in what steps to take to quarantine the area that is affected and have it removed from your system. Make sure to report your incident to IC3 so that you have a record that the incident did take place.
2. Disconnect the infected device from your infrastructure immediately. Ransomware has a funny way of infiltrating everything within your organization in a matter of minutes. The longer the infected device is connected, the more information is lost.
3. Do your best not to remit any payment. Some ransomware attackers do stick to their promise, however, if you can quarantine the infected device and you have your data backed up in another location, there might be no reason why you would need to pay the ransomware attackers. The only time you should succumb to paying their ransom is if you have no other choice.

Ransomware is a real threat. With a good prevention plan in place and the know how to fix your infrastructure in the event of attack will save your company time and money.

GFI Software has some solutions that will provide the right measures to keep you safe from an attack. GFI LanGuard can distribute patches among all of the devices connected to your network. From one console, you can see which machines need updating, you can schedule the patch, and keep track of devices that belong to your organization. Instead of manually patching machines, which is labor intensive, GFI LanGuard automates the process.

GFI MailEssentials provides security for your email. The VBSpam-certified solution has a powerful anti-spam filter that combines SpamRazer technology, greylisting, and other advanced technologies to  provide a spam capture rate of more than 99% and minimal false-positives, ensuring the safe delivery of important emails. It also enforces a content policy which assists in protecting your organization from data leaks that could lead to malicious attacks.

You can unlock a library of business proven, full featured solutions including GFI LanGuard and GFI MailEssentials with GFI Unlimited. This game-changing subscription will give you access to the network security and communications solutions you need to protect your business from ransomware attacks at one low price per unit.

Access GFI Unlimited’s library for 30 days for FREE. 

END

SEO exercise: New award-winning storytelling podcasts for iTunes and Spotify