Dunedin has been struck by a number of ransomware attacks recently, keeping our techs very busy. CryptoLocker, CryptoWall and CryptoDefense have all been successfully deployed in Dunedin networks, causing grief for all involved.
Ransomware is a type of malware that encrypts files on a system’s hard drive using an unbreakable key; the attacker decrypts them only once a ransom is paid. But there are simple ways to avoid the after-effects of ransomware.
1. DON'T OPEN THAT ATTACHMENT
Most ransomware is delivered via email, usually opportunistically, with a typical theme being shipping notices from delivery companies. The emails also look much more legitimate than they used to, so attachments can be more tempting to open. However, ransomware is also delivered via download attacks on compromised websites, and this style of infection is much harder to avoid.
2. BACK IT UP
Reliable recovery from a ransomware attack depends largely on whether you have a good backup policy for your data. In order for your backups to be considered "good", there must be multiple (more than three) separate full backups, going back in time. If, for example, you back up to two external hard drives, where the drives are swapped out once per day, this number should be increased to at least four or five disks rotated in order.
Because some ransomware will try to encrypt data on connected network shares and removable drives, it is likely that the most recent backup is also infected, leaving you with only one not-yet-connected drive with all of your data. It is very dangerous to rely on this one disk as it may have become corrupt itself (as data does from time to time) or you may not realise you have been infected until you have swapped the backup drives, causing your final backup drive to also be encrypted. This leaves you with no option but to pay the ransom.
In addition to making sure you have multiple backups, you must also ensure that the backups retain their quality, as data can become corrupt over time. To ensure your backups are good quality, each backup drive should be checked at least monthly.
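One way to carry out the monthly backup check described above, as an added example that is not part of the original article: record a SHA-256 for every file when the backup is written, then re-hash the drive later and report anything changed, missing or newly appeared. The manifest file name and the function names are assumptions made for this example.

```python
import hashlib
import json
from pathlib import Path

MANIFEST = "backup-manifest.json"  # hypothetical file name, stored on the backup drive


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Record a SHA-256 for every file under root; run right after the backup is written."""
    root = Path(root)
    hashes = {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.name != MANIFEST
    }
    (root / MANIFEST).write_text(json.dumps(hashes, indent=2))
    return hashes


def verify_backup(root):
    """Re-hash the drive and compare against the manifest (the monthly check)."""
    root = Path(root)
    expected = json.loads((root / MANIFEST).read_text())
    report = {"ok": [], "changed": [], "missing": [], "unexpected": []}
    for rel, want in expected.items():
        target = root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif sha256_file(target) != want:
            report["changed"].append(rel)
        else:
            report["ok"].append(rel)
    on_disk = {p.relative_to(root).as_posix() for p in root.rglob("*")
               if p.is_file() and p.name != MANIFEST}
    report["unexpected"] = sorted(on_disk - expected.keys())
    return report


def backup_is_good(report):
    """A backup passes only if nothing is changed, missing or newly appeared."""
    return not (report["changed"] or report["missing"] or report["unexpected"])
```

Files renamed by ransomware show up as a "missing" entry paired with an "unexpected" one. Keep a second copy of the manifest off the drive, since a manifest that no longer parses is itself a sign the drive was touched.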
3. ANTIVIRUS
If you don't already have it, get it. If it's connected to the internet, it MUST have antivirus, no exceptions. Also, the antivirus must be up to date. Make sure you keep up to date with your renewals.
4. MAIL FILTER
If you don't have a mail filter, now is the time to get one. MailMarshal, SMX, Office365: they all do a great job, and while they won't catch everything, they will significantly reduce the number of suspicious attachments getting onto your site.
5. FIREWALL
If you don't already have a firewall, get one. The Fortinet firewall is a cost-effective and efficient firewall that can further restrict unauthorised external access. This is especially important if you have remote access into your site.
6. PATCH IT
Patch and keep your operating system, antivirus, browsers, Adobe Flash Player, Java, and other software up-to-date. This habit can prevent compromises via exploit kits.
7. TURN IT OFF!
If you think you have opened a suspicious attachment by mistake, turn off your computer and call Decision1. This can restrict the attack because the ransomware hopefully won’t get the chance to establish a connection with its control server to complete the encryption routine.
8. BUT WAIT, THERE'S MORE...
For more info on how to keep yourself safe, these sites have comprehensive lists of tasks that can help reduce your risk.
9. CALL DECISION1
We can complete a security audit to make sure you are as protected as possible, and make recommendations for actions to increase your security levels.
Overall, it's important to talk to your staff. Internal staff members are the biggest threat to the security of your network.
Rule No.1: DON'T OPEN THAT ATTACHMENT.
Rule No.2: SEE RULE No.1
Victoria Murgatroyd-McNoe, Director
Decision1 IT Solutions Ltd