Hands On IT Services has been fighting ransomware for years, and up to this point there has been no real defence against it. In the world of IT, ransomware such as CryptoLocker is a major issue: keeping it at bay can seem like an impossible task, and it brings cost and business interruption with it. If you have already been a victim of ransomware then you may wish to go to our page about Heimdal Security.
For those who want to find out more, please read on.
How does ransomware work?
- You don’t know you have it until it’s too late.
- It gets in through unpatched software (not just Windows), users clicking on adverts on legitimate sites, email attachments and phishing attacks. Crucially, this can happen to even the most technically savvy user, not just users who aren’t cautious.
- It seeks out your network drives and encrypts your shared data, which is how it can affect your whole company.
- It can take many hours, if not days, to completely contain the initial problem and prevent it from recurring; only then can you begin to recover your data from backup.
- Users will be either completely unable to work or severely disrupted while a clean-up is being performed.
- If your files are encrypted, there is no way they can be decrypted without the passkey, and the only way to get that is to pay for it.
- There is no guarantee that you will receive the decryption key once you have paid.
- If you do pay and the files are decrypted, then your credit card details will more than likely be sold on (or used directly) for other fraudulent activity; after all, they are criminals.
- Having an antivirus solution is essential, but ransomware is designed to sidestep it, and users with fully installed and up-to-date AV solutions are still getting infected.
- Ransomware is not going away: it is extremely lucrative and low risk for the people behind it, and it will only become more widespread as more and more systems become connected to the internet (the Internet of Things).
The golden rule
The key to recovering from an attack is having an up-to-date backup and treating it with the highest priority. Make sure that you have some sort of backup that is not connected to your network, because if CryptoLocker strikes it could find a connected backup on the network and encrypt that as well.
What can you do to reduce the risk?
Staff training is crucial, as the majority of infections come as a result of user actions. Create appropriate policies and guides so that users have a clear understanding.
Review all aspects of your company’s IT security. Below are some key areas you need to look at:
- Have and enforce a solid password policy – combined with two-factor authentication if possible.
- Make sure that all computers have software updates installed regularly – all applications, not just Windows.
- Check firewall settings frequently and make sure any unnecessary ports are closed.
- Review user security and network access privileges for each user – if they don’t have rights to the data then it can’t be encrypted by them.
- Where possible, tighten control on the number of users who have local admin rights – if they can’t install software on the computer then ransomware can’t be installed.
- Secure your WiFi access points and check them routinely.
- Scan your network for unknown devices or anything that could be used as an Access Point (Internet of Things).
The above list is not exhaustive but will certainly reduce your risk of infection. However, after many years of dealing with ransomware we have come to realise that even the most secure and up-to-date networks are still at risk.
What can we do to help?
We would initially recommend a full network audit that looks at all aspects of your current setup and then produces a report that clearly identifies high-, medium- and low-risk areas, which you can then action yourself or ask us to assist with.
The full network audit would not only report on how to reduce the risk of ransomware but would also make sure your overall network is as secure as possible and General Data Protection Regulation compliant.
Having spent a long time looking for one solution to the ransomware problem, we realised that there isn’t a single “magic bullet” solution, but we have found a product called Heimdal that does provide a safety net, and we now offer this as part of our managed endpoint security service.