Ransomware attacks are immensely profitable for the hackers behind them; hundreds of millions of dollars have been paid out by businesses and organizations desperate to regain confidential data and essential infrastructure.
Ransomware has emerged as one of the top threats for businesses as an infection can potentially put your entire organization in disaster recovery mode.
How can you keep your organization protected from these malicious attacks? In this guide, we will examine some of the best practices involved with preventing ransomware on your network.
The more a company’s technology varies by brand, design, or operating system, the harder it is to implement across-the-board protections. If possible, IT teams should consider buying a fleet of equipment with identical or very similar hardware configurations.
When IT teams image workstations, they should aim for uniformity. Every workstation in the entire organization should have the same version of the same operating system installed on every PC. Mobile devices such as smartphones and laptops should also conform to this policy.
By taking this approach, your IT staff can greatly reduce the inconsistencies that arise when workstations receive different updates because of a unique system architecture.
The idea behind implementing a uniform technology procurement process is to simplify the work for your IT staff.
Most organizations use Windows Server Update Services (WSUS) as a way to deploy patches to machines with the Windows operating system installed. It is recommended to configure this service to automatically install all critical updates for Windows machines on your network. Otherwise, the IT staff will end up wasting productive worktime having to go from machine to machine to manually enforce updates.
System administrators will need to strictly enforce the reboot of recently updated machines, to ensure that patches completely finish installing before the user resumes their work.
For many organizations, Windows Server Update Services just isn’t enough. While some talented system administrators may elect to install updates for third-party applications using PowerShell or batch files, other IT teams buy third-party patching suites that apply critical updates to software WSUS does not cover, which would otherwise remain an attack vector.
Applications such as Adobe Flash, Java and others will need to be updated in order to remain safe from the latest ransomware exploits.
A variant of ransomware called Locky is attacking businesses exclusively through e-mails. The infection masquerades as a normal office document in the XLSX, DOCX or PPTX format. Other Locky infections have been reported in the ZIP format.
In this case, simple social engineering (the way people are always prone to opening attachments that seem to come from workplace emails, even if they don’t remember asking for such a document) is all it takes to infect your entire network within a couple of days.
Organizations must implement proper email security features at the server level in order to filter out as many of these emails as possible. ClamAV is a free antivirus engine that scans emails as they arrive at your gateway. Other 3rd party email gateway filtering solutions are available from vendors such as Barracuda, ProofPoint, and Trustwave.
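As an added illustration of gateway-level attachment filtering (this is not code from the original article, nor part of ClamAV), the Python example below inspects attachments in the formats named above. XLSX, DOCX and PPTX files are ZIP containers, so it flags one that is not a valid container or that carries a VBA macro project, and it flags ZIP attachments holding script or executable files. The risky-extension list and the sample message are assumptions constructed for the example.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OOXML_EXT = {".docx", ".xlsx", ".pptx"}  # document formats named in the article
RISKY_IN_ZIP = {".js", ".jse", ".wsf", ".vbs", ".exe", ".scr"}  # assumed blocklist

def triage(raw):
    """Return (filename, reason) pairs for attachments a gateway should quarantine."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        if ext not in OOXML_EXT and ext != ".zip":
            continue
        data = part.get_payload(decode=True) or b""
        try:  # OOXML documents and ZIP archives share the same container format
            members = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            findings.append((name, "extension does not match content"))
            continue
        if ext in OOXML_EXT and any(m.lower().endswith("vbaproject.bin") for m in members):
            findings.append((name, "macro project in macro-free format"))
        elif ext == ".zip":
            bad = sorted(m for m in members if os.path.splitext(m)[1].lower() in RISKY_IN_ZIP)
            if bad:
                findings.append((name, "script/executable in archive: " + ", ".join(bad)))
    return findings

def _zip(names):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n in names:
            z.writestr(n, b"constructed sample")  # placeholder bytes only
    return buf.getvalue()

def sample_message():  # constructed message; addresses and attachments are made up
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.com", "user@example.com", "Invoice"
    msg.set_content("Please see attached.")
    for fname, members in [("report.docx", ["word/document.xml"]), ("scan.zip", ["scan_001.js"]),
                           ("invoice.docx", ["word/document.xml", "word/vbaProject.bin"])]:
        msg.add_attachment(_zip(members), maintype="application", subtype="zip", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(sample_message()))
```

A check like this complements signature scanning rather than replacing it: it quarantines on structure alone, so a clean `report.docx` passes while the mislabeled and macro-bearing files are held.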
Did you know that a new strain of ransomware is targeting mobile devices? Symantec notes that the Lockdroid ransomware infection is targeting Android users worldwide.
As a result, organizations should take proper precautions to ensure that their mobile devices do not become an attack vector for cyber criminals. Every mobile device in your organization should have some sort of security suite installed before it is deployed to users. This will help mitigate these new emerging ransomware attacks.
It is not uncommon for businesses to set up a central file repository as a mapped drive on every machine on the network.
For some line of business applications, this configuration may be necessary. On networks where mapped drives must be used, verify the security settings of the access control lists associated with folders that contain critical data. If mapped drives aren’t necessary, begin developing a strategy that migrates your users away from using mapped drives as their default file repositories.
Strains of ransomware commonly use the SVCHost process in order to gain access to files that are mapped using a drive letter. Any file that the user can access will get encrypted by the ransomware infection. By moving away from mapped network drives, your business can contain a ransomware outbreak, should the infection get past your defenses.
As a best practice, your IT team should link users to network file locations using UNC paths rather than mapping them as a drive letter. Using a group policy object, your system administrator can place a shortcut onto the desktop of each employee that needs access to this specific UNC path.
Users must become cognizant of the fact that cyber criminals are always looking for new targets to steal from. Ransomware provides the perfect way to attack someone on the other side of the world, in order to both extort money out of that organization and also to avoid dealing with the criminal fallout that might occur if the attack took place within their own nation’s borders.
When employees are trained on the existence of ransomware, they can begin to do their part in deflecting an attack. Employees should be required to perform quarterly training on the latest cyber threats that could impact your business. Training should include slideshows that present examples of nefarious emails, websites and links. Users should be tested on their knowledge in order to ensure compliance among all employees throughout the enterprise.
It’s essential to ensure your organization is fully protected before you become the target of a ransomware or other cyber attack. These attacks are on the rise, and even startups and small businesses aren’t immune.
Published on 21st June 2016 by James Berger.