Ransomware attacks – when a malicious page or attachment runs code locking down your computer, demanding a ransom be paid for access to your data – are on the rise. Some of these viruses can travel across a network, infecting many machines in one organization and bringing everything to a standstill.
In the past these attacks were usually aimed at small and medium-sized businesses and consumers, but they are now increasingly targeting larger businesses. Even worse, they are increasing in frequency. In fact, April 2016 was the worst month for Ransomware in the U.S.
Despite broad media coverage of Ransomware over the past several years, users opening an email with an attachment is still the main way these attacks are initiated. While anti-spam/anti-virus solutions can sometimes prevent Ransomware from getting into corporate systems, the attackers are working day and night to circumvent traditional protection methods and exploit new attack vectors.
Our process at Technology Associates is to deploy a multi-layered approach, addressing both prevention and response. Patching all known vulnerabilities forms the foundation of a good security plan, but this is often easier said than done. Since many vulnerabilities that are exploited lie in ‘third party’ software, such as Adobe, it is critical to have a system that patches both the operating system AND applications.
For prevention, we employ a five-layer approach. The three main layers are anti-spam, anti-virus, and content filtering, which prevents machines from making requests to known malware delivery sites. On top of the three core layers, we add a piece of software aimed specifically at preventing Ransomware. While this piece does increase user support issues (because of the way it locks down the machine), it seems to do a reasonably good job of preventing problems.
The fifth layer is, of course, ensuring that a thorough, up-to-date backup system is in place and functioning as intended. Careful planning, focus, and discipline are needed to ensure all these systems are deployed properly and functioning as designed.
While prevention is good, you can’t stop there – you must plan for response. Even with the most diligent approach to Ransomware prevention, we still see issues from time to time. A response plan should NOT include paying the ransom! It just encourages further attacks.
We have a tested and proven emergency response plan centered around isolating the infected machine to halt the spread of the virus and quickly restoring affected files. We have developed and refined this process over the years, and it has proven effective.
That brings me to the last and most effective approach to Ransomware – EDUCATE YOUR USERS! They shouldn’t be clicking on emails/links that they weren’t expecting – plain and simple!