Ransomware is unfortunately a regular headline when reading or watching the news. While news outlets regularly report on ransomware's crippling effects on businesses or governments, rarely do we hear why the attack was successful and how it was resolved. When discussing ransomware attacks with our clients, we stress that it is better to have proper security in place, preventing a vast majority of these attacks from taking place. Ransomware should also be part of backup and disaster recovery plans to help contain and quickly mitigate the damage from these attacks without paying the ransom. Paying the ransom encourages these attacks to continue because it makes it profitable for criminals to sustain them in search of the next victim.
Criminals use multiple ways of compromising your infrastructure to perpetrate ransomware attacks. Much like how a burglar will look at a building and find a weak point to enter, ransomware criminals will do the same to enter the organization’s IT infrastructure. One key difference is that ransomware criminals have automated the process, and perform these attacks from other computers that have been compromised to help hide their tracks. Once the criminals’ automated systems have entered, they start to take control of key parts, namely where files and backups are stored. The ransomware will then communicate with the criminals’ network to receive its instructions and the encryption key it should use, and will start encrypting files, deleting backups, and leaving instructions on where to send payment. The ransom price, which goes up over time, is given in bitcoin or another cryptocurrency. The criminals promise to give a key that can decrypt the files once payment has been received. Once the criminals are paid, they may not supply a decryption key, or the decryption key may not work. If the decryption key works there is still a process of restoring the files and systems needed for your organization to resume
Proper IT security and user education are the best way to prevent ransomware from taking hold in the workplace, and to keep your organization from unknowingly being used in a ransomware attack on another organization. Here’s a rough outline of where to start when looking at IT security and how Go2IT can help implement them for your organization:
- Spam and virus scanning of all incoming email. Email is the most common way for ransomware to enter your organization’s IT infrastructure. Go2IT sells a service that scans email before it reaches your organization’s email infrastructure. This service consistently updates its criteria for blocking mail that negatively affects your organization.
- Use a firewall designed for securing your organization’s network. Go2IT recommends the SonicWall product line with Advanced and Comprehensive Gateway Security Services. When implemented properly, it will assist in scanning network traffic for viruses, restricting access to websites for content and security concerns, and restricting specific countries' ability to contact the firewall.
- Use a centrally managed antivirus. This allows for regular updates to be delivered, and reports generated ensuring that the updates are applied. This also provides for alerts to be sent out if a virus is found and helps pinpoint where to focus attention. Go2IT has a service that is centrally managed without needing a server setup within your organization, and allows for easy monthly billing based on the number of devices protected.
- Restrict services presented to the outside world. Go2IT follows industry best practices and will work with your vendors and customers to show only your organization’s key services to the public, restrict select services to approved businesses only, or enable them to be used from a secure communication channel. Of special note among the services to restrict is Microsoft Remote Desktop. Even though it is password protected, Go2IT has found that ransomware criminals target this service and will always recommend blocking this service from the internet unless it is secured through other means like a VPN.
- Set up VPNs to establish secure communication channels. VPNs (Virtual Private Networks) give entire trusted sites or individual computers access to services that are not allowed from the internet without these secure channels in place. A VPN can be set up for organizations with multiple locations to automatically allow full communication securely transmitted over the internet, to allow logins from company-owned devices, or to allow select businesses access to a specific service not normally allowed from the internet.
- Follow best practices for user accounts, passwords, and file security. Highlights include automated password changes, not allowing the same password to be reused, and restricting access to folders based on group security. Many organizations use Microsoft Windows to process user account logins, and Windows Server has features that can be set up to address some of these concerns, like Group Policies and File and Folder Security. Go2IT can assist with the setup of these features with your organization.
- Educate your organization’s users on common scams used to compromise their work account. Examples include links in emails that ask for a login, requests to call a phone number for computer support that isn’t part of your company IT or MSP, and law enforcement impersonation attempts with instructions to hand over account information or money.
- Apply security updates to your organization’s IT infrastructure. New ways of compromising the network are found regularly, and vendors release patches to address specific vulnerabilities when found. Go2IT can assist with automatic patching for Windows computers and servers, and can work with your organization's network appliance vendors for patching.
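For the items above on restricting outside-facing services and reaching them over a VPN, the following added example (not Go2IT's code or any firewall vendor's format) audits a list of inbound rules for Microsoft Remote Desktop exposed to untrusted sources. The rule format, rule names, and trusted address ranges are assumptions constructed for illustration, and each rule is judged on its own without modelling rule order.

```python
import ipaddress

# Service the article singles out as unsafe to expose directly to the internet.
SENSITIVE_PORTS = {3389: "Microsoft Remote Desktop"}

# Constructed sample: simplified inbound WAN rules in a hypothetical export format.
SAMPLE_RULES = [
    {"name": "web-public", "action": "allow", "source": "0.0.0.0/0", "ports": "443"},
    {"name": "rdp-legacy", "action": "allow", "source": "0.0.0.0/0", "ports": "3389"},
    {"name": "rdp-via-vpn", "action": "allow", "source": "10.99.0.0/24", "ports": "3389"},
    {"name": "vendor-range", "action": "allow", "source": "any", "ports": "3000-4000"},
    {"name": "partner-rdp", "action": "allow", "source": "203.0.113.0/28", "ports": "3389"},
    {"name": "rdp-block", "action": "deny", "source": "any", "ports": "3389"},
]
# Assumed trusted sources: the VPN address pool and one approved partner range.
TRUSTED_NETS = ["10.99.0.0/24", "203.0.113.0/28"]


def parse_ports(spec):
    """Return (low, high) for '443', '3000-4000' or 'any'."""
    if spec.strip().lower() == "any":
        return 1, 65535
    low, _, high = spec.partition("-")
    return int(low), int(high or low)


def parse_source(spec):
    """Treat 'any' as the whole IPv4 internet."""
    cidr = "0.0.0.0/0" if spec.strip().lower() == "any" else spec
    return ipaddress.ip_network(cidr, strict=False)


def audit_rules(rules, trusted_nets):
    """List allow rules that expose a sensitive port to an untrusted source."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for rule in rules:
        if rule["action"].lower() != "allow":
            continue
        low, high = parse_ports(rule["ports"])
        source = parse_source(rule["source"])
        # Acceptable only if the source sits entirely inside a trusted network.
        if any(source.subnet_of(t) for t in trusted):
            continue
        findings += [(rule["name"], p, s) for p, s in SENSITIVE_PORTS.items() if low <= p <= high]
    return findings


if __name__ == "__main__":
    for name, port, service in audit_rules(SAMPLE_RULES, TRUSTED_NETS):
        print(f"{name}: {service} (TCP {port}) reachable from an untrusted source")
```

The wide `vendor-range` rule is flagged even though it never names port 3389, which is the kind of exposure a review of rule names alone tends to miss.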
Ransomware prevention isn’t always enough though. A new vulnerability exploited before a vendor releases a patch, human error, or a compromised account can let ransomware into your organization’s IT infrastructure. Planning for multiple backups, securing backups, and disaster recovery planning can help your organization recover from ransomware quickly, and without paying the ransom. Go2IT can tailor a solution to match your organization's needs. Here are the common areas to plan for ransomware recovery before the attack happens.
- Have a local backup that needs a unique login to access and has other methods of securing previous backups. For medium to larger organizations, Go2IT sells a storage device that needs a unique login to access and has daily snapshots of your organization's data that are hidden unless needed. Since the data is hidden, it cannot be encrypted or deleted by the ransomware attack. This would allow for the fastest method of restoring from a backup after a ransomware attack.
- Have an offsite backup that requires a special login to access. Go2IT has an offsite backup service that securely transmits and stores your organization's data, and previous backups cannot be deleted or encrypted due to how the service is designed. This is a second line of backups used in case the local backup isn’t available.
- Establish a Disaster Recovery and Contingency plan. Beyond ransomware attacks, this should incorporate large telecommunication outages, electrical outages, natural disasters, and failures of individual parts of the IT infrastructure. It should set the priority of service restoration and cover contingencies through the 4, 8, and 24 hour blocks of time as services are restored. Go2IT can assist your organization with the planning and implementation of the plan and has services available from industry-leading partners if they are needed.
Go2IT is here to help your organization. Please contact us at email@example.com or call us at 866-424-1233 for this or other IT needs.