Ransomware: Nothing To Sneeze At
by Mike Andrews, on Dec 20, 2017 5:31:19 AM
We’re heading into cold season and the common cold is well… common. A trip to the pharmacy presents us with endless options for making your week a little more bearable, but unfortunately, it’s after the fact. Colds keep evolving and staying one step ahead of medications.
Ransomware is similar to the common cold in the way that there is no foolproof preventative cure, its roots date way back, it continuously reinvents itself to find new methods of attack and overall, just makes your life miserable.
You’ve probably seen a lot of news about Ransomware lately due to the recent devastation inflicted on high-profile targets, including universities, hospitals and government agencies, by strains with names like WannaCry, Locky and Bad Rabbit. The targets you probably don’t hear as much about are everyday small businesses (lawyers, dental offices and construction companies, for example), which bear the lion’s share of these attacks.
Common types of Ransomware:
- Encrypts the files on a victim’s machine.
- Gives a time limit.
- Victim must pay a fee.
- Locks the screen.
- Demands payment.
- No files encrypted or affected.
Master Boot Record Blocking
- Computer will not boot up.
- Ransom instructions displayed on screen.
We call it Ransomware because in the moments that follow the breach of an unsuspecting victim, it locks down access to data on their system and then purports to provide the key for unlocking information, if a ransom is paid within a specified amount of time. Maybe.
Rule number one is not to pay a ransom as numerous cases exist where a victim has paid only to never receive the promised key. Also, who is to say that paying does not make you a target for future attacks?
Like the common cold, taking measures to prevent getting infected in the first place is the best way to deal with ransomware. You need to think prevention: think smoke detectors over fire extinguishers. Investing the time in advance preparation will pay off in the long run when compared to the resources needed to deal with the aftermath.
To understand how to prevent ransomware attacks, it’s best to know how they work, how to identify the different types of ransomware, and what preventative actions to take.
Educate your users – Schedule a meeting to discuss what threats look like, and what to avoid. How to store passwords and media. How to disconnect their machine safely from the network and who to contact if infected.
Scanning and filtering – Put anti-spam/anti-phishing filtering in place. Filter file attachments in email (.exe, .scr, .com, etc.). Show file name extensions in Windows, and disable macros (MS Office).
Patch early and patch often – Ensure that all server and workstation operating systems are up to date with regular patch maintenance.
Configure intrusion prevention – Business grade antivirus and firewall protection, with advanced filtering, centrally managed with alerting capability.
Test your backup solution – Ensure that you have the ability to restore in the event that prevention methods fail. Follow the 3-2-1 backup rule (3 backups, 2 different types of media, 1 offsite). Test restorability monthly.
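An added example (not from the original article) of the attachment filtering described under “Scanning and filtering”: it parses a message, blocks the executable extensions listed there, and flags double extensions such as `invoice.pdf.exe`, which look harmless when Windows hides file name extensions. The macro-capable extension list, the verdict names and the sample message are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions named in the article's filtering advice; extend per local policy.
BLOCKED = {".exe", ".scr", ".com"}
# Assumption: Office formats that can carry macros (not listed in the article).
MACRO_CAPABLE = {".docm", ".xlsm", ".pptm"}

def classify(filename):
    """Return (verdict, reason) for a single attachment file name."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    if not suffixes:
        return "allow", "no extension"
    last = suffixes[-1]
    if last in BLOCKED:
        # "invoice.pdf.exe" displays as "invoice.pdf" when extensions are hidden.
        if len(suffixes) > 1:
            return "block", f"double extension hiding {last}"
        return "block", f"executable extension {last}"
    if last in MACRO_CAPABLE:
        return "quarantine", f"macro-capable document {last}"
    return "allow", f"extension {last}"

def scan_message(raw):
    """List (filename, verdict, reason) for every attachment in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    return [(p.get_filename(), *classify(p.get_filename()))
            for p in msg.iter_attachments() if p.get_filename()]

def sample_message():
    """Constructed sample: one message carrying three attachments."""
    msg = EmailMessage()
    msg["Subject"] = "Overdue invoice"
    msg.set_content("See attached.")
    for name in ("invoice.pdf.exe", "timesheet.xlsm", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()

if __name__ == "__main__":
    for row in scan_message(sample_message()):
        print(row)
```

Matching on the file name alone is a first-pass control; a renamed executable still needs content inspection by the mail gateway or antivirus.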
With a cold, you can take every preventative measure in the world, and it can still get the better of you.
Follow these steps to avoid ransomware:
- Immediately disconnect infected systems from the network
- Disconnect from the internet until the situation is resolved
- Lock the source user accounts / Delete profile
- Identify source of infection to warn other users
For a healthier winter season, be sure to take your vitamin C and talk to your system administrator about implementing a ransomware prevention checklist that your organization can live by. Here’s to you and your critical corporate data’s health… Gesundheit!
Article as seen in Cyber Defense Magazine, November 2017 Issue, Page 40.