Dunedin continues to be struck by ransomware attacks. We have had yet another client struck this week. While this keeps our techs busy, I think we can all agree that avoiding these is preferable. We must be on the lookout for CryptoLocker, CryptoWall and CryptoDefense, which have all been successfully deployed in Dunedin networks, causing grief for all involved.
Ransomware is a type of malware that encrypts files on a system’s hard drive using an unbreakable key; the attacker offers to decrypt them once a ransom is paid.
But what should you do to keep your business safe?
1. Prepare for recovery should you get hit
2. Avoid becoming infected
3. Check your preparations regularly.
PREPARE FOR RECOVERY
1. BACK IT UP
The most reliable way to recover from a ransomware attack depends largely on whether you have a good backup policy for your data. For your backups to be considered "good", there must be multiple (more than three) separate full backups, going back in time. If, for example, you back up to two external hard drives, where the drives are swapped out once per day, this number should be increased to at least four or five disks rotated in order.
Because some ransomware will try to encrypt data on connected network shares and removable drives, it is likely that the most recent backup is also infected, leaving you with only one not-yet-connected drive with all of your data. It is very dangerous to rely on this one disk as it may have become corrupt itself (as data does from time to time) or you may not realise you have been infected until you have swapped the backup drives, causing your final backup drive to also be encrypted. This leaves you with no option but to pay the ransom.
In addition to making sure you have multiple backups, you must also ensure that the backups retain their quality, as data can become corrupt over time. To ensure your backups are good quality, each backup drive should be checked at least monthly.
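One way to carry out the monthly backup check described above, as an added example rather than a Decision1 tool. It assumes each backup generation is a folder that gets a `manifest.json` of SHA-256 hashes written at backup time; the folder layout, file names and function names are hypothetical.

```python
import hashlib, json, tempfile
from pathlib import Path
MIN_GOOD = 4  # the article asks for more than three separate full backups

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def list_files(root):
    return sorted(p.relative_to(root).as_posix() for p in Path(root).rglob("*")
                  if p.is_file() and p.name != "manifest.json")

def write_manifest(root):
    """Run when the backup is taken: record a SHA-256 for every file."""
    manifest = {rel: sha256_file(Path(root) / rel) for rel in list_files(root)}
    (Path(root) / "manifest.json").write_text(json.dumps(manifest))

def verify_backup(root):
    """Run monthly: return (problem, file) pairs; an empty list means the backup is good."""
    try:
        manifest = json.loads((Path(root) / "manifest.json").read_text())
    except (OSError, ValueError):  # manifest deleted, corrupt or itself encrypted
        return [("manifest unreadable", "manifest.json")]
    present = set(list_files(root))
    problems = [("missing", rel) for rel in manifest if rel not in present]
    problems += [("changed", rel) for rel in manifest
                 if rel in present and sha256_file(Path(root) / rel) != manifest[rel]]
    problems += [("unexpected", rel) for rel in sorted(present - manifest.keys())]
    return problems

def check_rotation(backup_root):
    """Verify every generation (one sub-folder each) and count the good ones."""
    report = {g.name: verify_backup(g) for g in sorted(Path(backup_root).iterdir()) if g.is_dir()}
    good = [name for name, problems in report.items() if not problems]
    return {"report": report, "good": good, "enough": len(good) >= MIN_GOOD}

def demo():  # constructed sample: five generations, the newest damaged after backup
    root = Path(tempfile.mkdtemp())
    for day in ("mon", "tue", "wed", "thu", "fri"):
        gen = root / day; gen.mkdir()
        (gen / "accounts.xlsx").write_bytes(b"ledger " + day.encode())
        (gen / "clients.docx").write_bytes(b"client list")
        write_manifest(gen)
    (root / "fri" / "accounts.xlsx").write_bytes(b"\x8f\x02 scrambled")          # overwritten in place
    (root / "fri" / "clients.docx").rename(root / "fri" / "clients.docx.locked")  # renamed
    return check_rotation(root)
```

Calling `demo()` reports the damaged "fri" generation and four good ones. Keep a copy of each manifest somewhere other than the backup drive, since anything that can rewrite the drive can rewrite the manifest too.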
AVOID BECOMING INFECTED
1. ANTIVIRUS
If you don't already have antivirus, get it. If it's connected to the internet, it MUST have antivirus, no exceptions. Also, the antivirus must be up to date. Make sure you keep up to date with your renewals. Free antivirus products are not strong enough for your business. If your business is using AVG or Windows Defender, or any other free product, change it immediately to a paid product.
2. MAIL FILTER
If you don't have a mail filter, now is the time to get one. MailMarshal, SMX, Office365: they all do a great job, and while they won't catch everything, they will significantly reduce the number of suspicious attachments getting onto your site.
3. FIREWALL
If you don't already have a firewall, get one. The Fortinet Firewall is a cost-effective and efficient firewall that can further restrict unauthorised external access. This is especially important if you have remote access into your site.
4. PATCH IT
Patch and keep your operating system, antivirus, browsers, Adobe Flash Player, Java, and other software up-to-date. This habit can prevent compromises via exploit kits.
5. PASSWORD STRENGTH
Your password is a vital part of your security system. Your dog's name is not good enough. Neither is 1234! For security, a pass phrase is your best friend (rather than complexity). Something like ilovemypoochierexbecasueheisadorable. Or even better... MyBeautifulRexWasBornIn2011! These phrases are easier to remember, and practically impossible to crack. If your username and password are both "admin", then you are asking for trouble!
If you want to check your password strength, use this checker and find out how long it would take to crack! https://howsecureismypassword.net/
DON'T MAKE IT WORSE!
1. DON'T OPEN THAT ATTACHMENT
Most ransomware is delivered via email, usually opportunistically, and a typical theme is a shipping notice from a delivery company. The emails also look much more legitimate than they used to, so the attachments can be more tempting to open. However, ransomware is also delivered via download attacks on compromised websites, and this style of infection is much harder to avoid.
2. TURN IT OFF!
If you think you have opened a suspicious attachment by mistake, turn off your computer and call Decision1. This can restrict the attack because the ransomware hopefully won’t get the chance to establish a connection with its control server to complete the encryption routine.
CHECK YOUR PREPARATIONS REGULARLY
1. Check your preparations are in place
At least once per month you need to check that your preparations are in place and are functional. This includes: Antivirus checks, backup check and test restore, firewall operations, patching up to date.
2. Get Decision1 to do your checks for you
We have managed services set up especially for this reason. Let us take the worries away and do all the monthly checks that you need to keep your business data safe.
See more details on our Managed Services page.
BUT WAIT, THERE'S MORE...
For more info on how to keep yourself safe, these sites have comprehensive lists of tasks that can help reduce your risk.
GET OUR CHECKLIST
Download our checklist here to make sure you have your security measures in place.
We can complete a security audit to make sure you are as protected as possible, and make recommendations for actions to increase your security levels.
Overall, it's important to talk to your staff. Internal staff members are the biggest threat to the security of your network.
Rule No.1: DON'T OPEN THAT ATTACHMENT.
Rule No.2: SEE RULE No.1
Victoria Murgatroyd-McNoe, Director
Decision1 IT Solutions Ltd