Ransomware

The best way to deal with a ransomware attack is not to have one!

Put simply, any attack will cause you issues. A properly configured backup system will ensure you can recover documents, but think about the time lost, and even worse – what if your documents are made public?

So what steps are necessary to avoid and, if necessary, mitigate a ransomware attack?

TRAINING

Rarely considered, this is perhaps the most important thing of all. Almost all attacks will be avoided if staff are correctly trained. Line staff should be able to recognise potential threats and contact support personnel. IT support personnel should know what to do with these threats. Finally, managers need to ensure appropriate measures are in place so that, if staff do make the wrong decisions, the business won’t be badly affected.

CyberX can provide training to all levels of staff.

SECURITY UPDATES AND PATCHES

This is another item that is rarely considered by non-IT personnel but, like training, it features very highly on a security specialist’s list.

Security updates address known vulnerabilities, so don’t give attackers a “free kick” at your network by leaving these vulnerabilities unaddressed. This is particularly pertinent for servers that host services that are publicly accessible on the Internet, but it is still applicable to any computer that has access to the Internet.

E-MAIL PROTECTION

E-mail is the easiest and cheapest medium for an attacker, and e-mail attacks are extremely common. Almost everyone will have seen an e-mail purporting to be from a bank or AGL requiring you to “reset your password”.

In the early days these attacks were very basic, with many spelling or other errors, and hence easy to detect. Unfortunately, we’ve seen increasingly sophisticated attacks recently that very closely mimic the actual e-mails they are imitating.

An important layer of defence is an “e-mail gateway” that filters these e-mails out. CyberX has an e-mail solution available that blocks all known scams and additionally quarantines unknown e-mails containing an external link. These e-mails are reviewed by one of our security specialists, who will determine if the e-mail is in fact legitimate and, if so, release it. This feature is unique to CyberX.

END-POINT PROTECTION

Formerly, and often still, known as “Anti-virus Protection”, End-Point Protection (EPP) protects your computer against known threats by using a combination of signatures of known threats and intelligence based on behaviour.

SPECIFIC RANSOMWARE PROTECTION AGAINST ZERO-DAY THREATS

EPP is often of little benefit against so-called “Zero-Day Threats”. These are threats generated so recently that their signatures have not yet made it into the EPP databases. Anti-ransomware protection detects specific ransomware activity and stops it quickly.

USER VS ADMINISTRATOR ACCOUNTS

Most people log into their computers as a full local administrator. Although convenient, it is a major security minus. In the event of any form of malware attack, the attacker will immediately have access to every part of the computer.

With User Account Control (UAC) it is possible to have a separate administrator account. When performing functions that require full access, you will be prompted for the password. This will provide substantial protection against an automated ransomware attack and some protection against a user ransomware attack.

SECURE REMOTE DESKTOP CONNECTIONS

Incredibly, the number one vector for ransomware infections amongst small to medium size businesses is via insecure Remote Desktop connections. This is because large businesses have the resources to implement VPN services and/or secure Remote Desktop servers. Unfortunately, smaller businesses often do not (or believe they do not; refer to the CyberX Managed VPN solution).

Does your business allow Remote Desktop connections from users working from home? Are you sure they are secure? Is your password secure? Remember a hacker can attempt to break a password without you ever knowing. Ideally all Remote Desktop passwords should be 20 characters or longer with a phrase often being easiest to remember. Refer to this article on what makes a secure password.
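Password guessing against Remote Desktop does leave a trace in the Windows Security log: event 4625 records a failed logon and event 4624 a successful one. The following added example (not CyberX code) looks for bursts of failures from one address and for a successful logon that follows such a burst; the record layout, the threshold of 5 failures and the 10-minute window are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, not real log data:
# (time, event ID, logon type, user name, source address)
SAMPLE = [
    ("2024-03-01T02:00:00", 4625, 3, "administrator", "203.0.113.7"),
    ("2024-03-01T02:00:20", 4625, 3, "admin", "203.0.113.7"),
    ("2024-03-01T02:00:40", 4625, 3, "reception", "203.0.113.7"),
    ("2024-03-01T02:01:00", 4625, 3, "accounts", "203.0.113.7"),
    ("2024-03-01T02:01:20", 4625, 3, "reception", "203.0.113.7"),
    ("2024-03-01T02:03:00", 4624, 10, "reception", "203.0.113.7"),
    ("2024-03-01T08:55:00", 4625, 10, "jane", "198.51.100.20"),
    ("2024-03-01T08:55:30", 4624, 10, "jane", "198.51.100.20"),
]

# Logon type 10 is RemoteInteractive (Remote Desktop). Type 3 (Network) is what
# failed Remote Desktop logons usually show when Network Level Authentication
# is on; it also covers other network logons, so treat hits as leads.
REMOTE_LOGON_TYPES = {3, 10}

def find_rdp_guessing(events, threshold=5, window=timedelta(minutes=10)):
    """Return one finding per address with >= threshold failures inside window."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, event_id, logon_type, user, ip in events:
        if logon_type not in REMOTE_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == 4625:
            failures[ip].append((when, user))
        elif event_id == 4624:
            successes[ip].append((when, user))
    findings = []
    for ip, fails in failures.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window start forward
            if end - start + 1 < threshold:
                continue
            # A logon from the same address after the burst may be a guessed password.
            after = sorted({u for t, u in successes[ip] if t >= fails[end][0]})
            findings.append({"ip": ip, "failures": len(fails),
                             "users_tried": sorted({u for _, u in fails}),
                             "logged_in_after": after})
            break
    return findings
```

A non-empty `logged_in_after` list is the case to act on first: that account's password should be treated as known to the attacker.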

CyberX can provide secure VPN connections for your staff to your office, starting from only $2/user/month for a 10 remote user business and even less per user for larger businesses.

BACKUPS

The final line of defence against ransomware is your backup system, enabling you to restore to the last backup.

It is essential that your backup system has multiple copies of your backup, and that at least one of these backups is offsite and unable to be easily accessed. If you can easily access it, it is possible that the ransomware can also access it – and encrypt it.

Note that we have seen very sophisticated attacks that have disabled local backup protection prior to encrypting the backups.

The CyberX backup system includes 3 layers of protection ensuring that even the worst ransomware attack will be unable to destroy your backups.