Ransomware, what is it, and what can you do about it?

 

Some of you may have recently read about WannaCry, the largest ransomware attack ever recorded, currently spreading to computer systems around the globe.  What is ransomware? In a nutshell, it is a type of malware (malicious software) that encrypts your data without your permission.  Once the data is encrypted, the attacker attempts to extort money from the victim in exchange for the safe restoration of the files, basically holding your files hostage.

Many companies today are using old, out-of-date hardware and software, and lack a solid security or backup program that would help to mitigate this threat.  The majority of these malicious attacks are the result of a user clicking on a link or attachment in an email, or browsing unsafe websites.  WannaCry also includes a worm, which is malware that can seek out and spread to other vulnerable PCs on your network.

WannaCry is just the beginning.  Due to the unfortunate success of these types of cyberattacks, we will almost certainly see an increase going forward, both in the number of attacks, and their sophistication.

Below is a list of some of the steps your organization can take to prevent a ransomware attack, and how being a MoseSys customer helps to mitigate this threat.

1. System security – Effective, up-to-date security software is essential in preventing cyberattacks of all kinds.  Our service includes industry-leading antivirus and malware prevention software on each computer, constantly monitoring for virus and malware signatures and activities.  Our security tools are cloud-based, providing instant updates and signatures for known attacks.

2. User Security – We also recommend restricting access to administrative privileges for your users.  The Principle of Least Privilege is a rule in IT security that limits each employee's user rights to the minimum level that allows them to perform their job, no more.  This principle goes a long way in minimizing the potential damage of any security breach, both accidental and malicious.

3. Consistent patching – Microsoft has already released the fix for the WannaCry exploit.  The updates are listed below:

KB4019216 — Windows 8 and Windows Server 2012

KB4019264 — Windows 7 and Windows 2008 R2

KB4019215 — Windows 8.1 and Windows 2012 R2

KB4012598 — Windows XP, Windows Server 2003, Windows 8, Windows XP Embedded

Vulnerable systems are the ones that don’t update regularly, or are running an out-of-date version of Windows.  As a MoseSys customer, your systems are always up-to-date with the latest critical security updates from Microsoft and other vendors.  Our Patch Doctor software monitors the patch status of your machines and retries any failed deployment, alerting us along the way.

4. Email – As mentioned earlier, the majority of these attacks infect the system through email attachments and links.  As a MoseSys Exchange email customer, your emails and attachments are filtered through multi-stage, server-level virus detection tools before they even get to your inbox.  This includes 60 types of filtering techniques that rid incoming email of worms, viruses, phishing attempts and other protocol-based vulnerabilities.

5. Backup – A solid backup strategy is critical.  Ransomware is so effective because most victims do not have another copy of the encrypted data, or in some cases the backup data also becomes encrypted.  MoseSys backup solutions include cloud and local backup solutions for redundancy.

6. User Training – It is essential that your employees practice good digital hygiene, especially when using company computers and accounts. This includes being cautious about suspicious emails, links and attachments.  If you are not sure if an email is legitimate, try to contact the sender or company directly to confirm. Avoid unknown and suspect websites and weblinks while using company equipment.  Remember that sometimes legitimate sites contain ads or links that can take you to third parties who are not as well known or proven.
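The patch check from step 3, as an added example (not MoseSys or Patch Doctor code): a PowerShell function that uses Get-HotFix to report whether any of the KBs listed above is installed on one or more Windows machines. The function name Test-WannaCryFix and the output field names are assumptions made for this example.

```powershell
# Added example. The KB-to-platform mapping is copied from the list in step 3.
$WannaCryFixes = [ordered]@{
    'KB4019216' = 'Windows 8 and Windows Server 2012'
    'KB4019264' = 'Windows 7 and Windows 2008 R2'
    'KB4019215' = 'Windows 8.1 and Windows 2012 R2'
    'KB4012598' = 'Windows XP, Windows Server 2003, Windows 8, Windows XP Embedded'
}

# Hypothetical helper: reports, per computer, which listed KB (if any) is installed.
function Test-WannaCryFix {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($computer in $ComputerName) {
        try {
            # Read the full hotfix list once; -ErrorAction Stop makes an
            # unreachable or access-denied host land in the catch block.
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop)
            $found = @($installed | Where-Object { $WannaCryFixes.Contains($_.HotFixID) })
            # Most recent install date, as a rough indicator of patch staleness.
            $latest = $installed | Where-Object InstalledOn |
                Sort-Object InstalledOn | Select-Object -Last 1
            [pscustomobject]@{
                Computer      = $computer
                Reachable     = $true
                ListedFix     = ($found.HotFixID -join ', ')
                LastPatchDate = $latest.InstalledOn
                Status        = if ($found) { 'Listed fix installed' }
                                else { 'Review: no listed KB found' }
            }
        } catch {
            # Report the failure instead of silently skipping the machine.
            [pscustomobject]@{
                Computer      = $computer
                Reachable     = $false
                ListedFix     = ''
                LastPatchDate = $null
                Status        = "Query failed: $($_.Exception.Message)"
            }
        }
    }
}

# Check the local machine; pass -ComputerName to check others.
Test-WannaCryFix | Format-Table -AutoSize
```

A "Review" result is not proof that a machine is vulnerable: Windows monthly rollups are cumulative, so a later rollup also contains the fix and the original KB may no longer be listed. Use LastPatchDate to decide which machines need a closer look.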

Please contact your MoseSys support team with any questions.

For additional information please review the US Federal Computer Emergency Readiness Team (US-CERT) recommendations for users:

https://www.us-cert.gov/security-publications/Ransomware