14 Tips to Protect Your Business from Ransomware Attacks
Used with permission from SBA.gov, by Natale Goriel
Ransomware attacks are the fastest-growing malware threats. On average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016. Ransomware, a type of malicious software that infects and restricts access to a computer until a ransom is paid, affects businesses of all sizes. The good news is that there are best practices you can adopt to protect your business.
- Implement an awareness and training program. Because end users are targets, employees should be aware of the threat of ransomware and how it is delivered.
- Enable strong spam filters to prevent phishing emails (an attempt to obtain sensitive information electronically) from reaching employees, and authenticate inbound email using technologies like Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting, and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent email spoofing.
- Scan all incoming and outgoing emails to detect threats and filter executable files (used to perform computer functions) from reaching employees.
- Configure firewalls to block access to known malicious IP addresses.
- Patch operating systems, software, and firmware on devices. Consider using a centralized patch management system.
- Set anti-virus and anti-malware programs to conduct regular scans automatically.
- Manage the use of privileged accounts based on the principle of least privilege: no employee should be assigned administrative access unless absolutely needed, and those who need administrator accounts should use them only when necessary.
- Configure access controls, including file, directory, and network share permissions, with least privilege in mind. If an employee only needs to read specific files, the employee should not have write access to those files, directories, or shares.
- Disable macro scripts (toolbar buttons and keyboard shortcuts) in Office files transmitted via email. Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full office suite applications.
- Implement Software Restriction Policies (SRP) or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers or compression/decompression programs, including the AppData/LocalAppData folder.
- Consider disabling Remote Desktop Protocol (RDP) if it is not being used.
- Use application whitelisting, which only allows systems to execute programs known and permitted by security policy.
- Execute operating system environments or specific programs in a virtualized environment.
- Categorize data based on organizational value and implement physical and logical separation of networks and data for different organizational units.
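To illustrate the tip on authenticating inbound email, here is an added example (not part of the SBA guidance) that reads the SPF, DKIM, and DMARC verdicts a receiving gateway records in the `Authentication-Results` header and turns them into a delivery decision. The gateway name `mx.example.net`, the sample messages, and the reject/quarantine policy are all assumptions made for the example.

```python
import re
from email import message_from_string

# Assumption: the authserv-id your own mail gateway stamps on inbound mail.
TRUSTED_AUTHSERV = "mx.example.net"

# Constructed sample messages (not real mail).
SPOOFED = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=billing.example.org;
 dkim=none; dmarc=fail header.from=example.com
From: "Accounts" <ceo@example.com>
Subject: Invoice attached

See attachment.
"""
LEGIT = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: <news@example.com>

Hello.
"""
UNTRUSTED_HEADER = """\
Authentication-Results: mail.untrusted.example; dmarc=pass header.from=example.com
From: <ceo@example.com>

Hello.
"""

def auth_results(raw_message):
    """Return {method: result} from headers stamped by the trusted gateway only."""
    results = {}
    msg = message_from_string(raw_message)
    for value in msg.get_all("Authentication-Results", []):
        parts = " ".join(value.split()).split(";")  # unfold, split into clauses
        authserv = parts[0].split()
        if not authserv or authserv[0].lower() != TRUSTED_AUTHSERV:
            continue  # written by some other server: carries no weight here
        for clause in parts[1:]:
            m = re.match(r"\s*(spf|dkim|dmarc)\s*=\s*([a-z]+)", clause, re.I)
            if m:
                results.setdefault(m.group(1).lower(), m.group(2).lower())
    return results

def verdict(raw_message):
    """Example policy (an assumption): reject DMARC failures, hold unverified mail."""
    dmarc = auth_results(raw_message).get("dmarc")
    return {"fail": "reject", "pass": "deliver"}.get(dmarc, "quarantine")
```

The third sample shows why only the gateway's own header is counted: a header added anywhere else says nothing about what your server verified.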
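For the tip on blocking execution from common ransomware locations, the following added example (not from the SBA guidance, and not an SRP configuration itself) applies the same path rule to process-creation records so you can see what such a policy would block before enforcing it. The file extensions, the allow-list entry, and the sample records are assumptions constructed for the example.

```python
import ntpath
import re

# Script and binary types that should not launch from user-writable folders.
EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}
# Per-user AppData tree (Roaming, Local, LocalLow), which also holds the browser
# and archive-tool temp folders under AppData\Local\Temp.
DENY_ROOT = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\(local|locallow|roaming)\\")
# Hypothetical exception for an approved per-user application.
ALLOW = {r"c:\users\dana\appdata\local\exampleapp\updater.exe"}

def violates_policy(image_path):
    """True if an SRP-style path rule for AppData would block this program."""
    path = ntpath.normpath(image_path).lower()  # fold case, '/', and '..' segments
    if path in ALLOW:
        return False
    return ntpath.splitext(path)[1] in EXEC_EXT and bool(DENY_ROOT.match(path))

# Constructed process-creation records (host, image path); not real telemetry.
EVENTS = [
    ("ws01", r"C:\Program Files\Office\WINWORD.EXE"),
    ("ws01", r"C:\Users\bob\AppData\Local\Temp\7zO4A1\invoice.exe"),
    ("ws02", "C:/Users/Bob/AppData/Roaming/svc.SCR"),
    ("ws02", r"C:\Program Files\Viewer\..\..\Users\bob\AppData\Local\Temp\a.js"),
    ("ws03", r"C:\Users\dana\AppData\Local\ExampleApp\updater.exe"),
    ("ws03", r"C:\Users\dana\AppData\Local\Temp\report.pdf"),
]

def flag_events(events):
    """Return the (host, image) records the path rule would have blocked."""
    return [(host, image) for host, image in events if violates_policy(image)]
```

Running the rule in report-only fashion first surfaces legitimate per-user software that needs an exception, like the allow-listed updater above.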
Visit the U.S. Computer Emergency Readiness Team website for additional information on how to protect your business from ransomware attacks.
Editor’s note: Best practices provided by the U.S. Government interagency guidance document, “How to Protect Your Networks from Ransomware”.
Read more about June 2017's managed services newsletters.
WannaCry Ransomware Attack Hits Organizations Globally
On Friday, May 12th, tens of thousands of ransomware attacks struck more than 74 countries, including the United States, within hours. This unprecedented ransomware attack crippled a number of UK hospitals, where staff were unable to access patient records and appointments because their files were taken hostage. The ransomware infection has continued spreading, though by Monday, May 15th, there were reports that it was slowing down.
This ransomware strain, called “WannaCry” (among other names), takes advantage of a Windows vulnerability (a flaw in the Microsoft SMBv2 network protocol) for which Microsoft released a patch in March. However, older systems still running the deprecated Windows XP operating system do not benefit from that patch, and many systems had not applied the patch when it became available. On March 14th, Microsoft released patches for out-of-date operating systems in order to slow the outbreak.
WannaCry renames files with the “.WCRY” extension and asks for a ransom of $300 in Bitcoin to unlock the files.
There is no way to decrypt the files without paying the ransom, and there is no guarantee that systems will be restored if the ransom is paid. Organizations affected are urged to restore their systems from backups.
This ransomware attack has been an unprecedented, crippling global event, and it isn’t over yet.
What should you do to protect yourself and your business?
First and foremost, be vigilant in securing your systems, including running all patches and updates promptly.
A reliable backup and disaster recovery solution remains the best and most effective defense against ransomware attacks. If you are hit with ransomware, restoring your system and data from fresh backups is the only way to recover without paying the ransom.
And finally, people should be cautious when opening emails and attachments (particularly executable files and zipped files). Employees can greatly benefit from IT security awareness training on how to recognize threats and suspicious activity.
Please contact ACTS at email@example.com or (904) 317-2140 for information on security training or additional information on how to protect your company from attacks.
Read more about May 2017's newsletter.