Protecting against the rise of Ransomware
Once again Ransomware is on the rise. People are losing their data forever and yet this isn’t completely a technical problem, it is a user knowledge and training one as well.
If you don’t know what Ransomware is, you can read up on it here.
Over the last few weeks, Ransomware has managed to infect sites and in all cases it has been down to clever social engineering (tricking the user). The antivirus systems may be installed, but literally one hour out of date on definitions (updates).
We are therefore writing this post to give you some suggestions on how to educate your colleagues to not be tricked into installing these items as well as giving you some technical advice on how NTES might assist you in further protecting your network.
Human nature is such that one of us will sooner or later “open the box” and reveal what’s behind the door. Therefore, if they get an email that says “Here is your important invoice that if you don’t pay now your entire email system will fail”, they tend to do whatever it takes to open that email. This might include clicking otherwise typical instructions such as ‘enable macros’, or ‘download this file which will fix this invoice if you cannot read it’.
The user…. just wants to do the right thing. They want to open that invoice, and pay it, before the boss loses his/her email system. They don’t realise that they are potentially going to enable a nasty script (macro) in Word, and then download a nasty file from Dropbox or some other file hosting site, and then while they read the invoice which is useless, their system is slowly and quietly encrypting all of company data on the Shared Network Drive or a Local Drive.
Then, the virus, clever as it is, disables your ability to restore from a morning snapshot. Then, this virus which may have happened on a Friday night, and the company only has enough space on the backup drive for three days, Guess what, come Monday, it’s too late. You have no way of getting your data back, even if you pay the ransom you still may not. But even if you do, like this hospital had to, the cost is so high that the organisation is seriously and adversely affected. Whatever that cost is, the cost is too high for most companies and we would never recommend paying the ransom.
What we do recommend is that you teach your colleagues some of these simple things:
- If the file cannot be read or opened easily. Its normally bad.
- If you don’t know the sender of an email, be extra careful with any attachment.
- If you get an email that is in your junk email, but looks valid, it probably is a bad mail. Check the links before clicking. Hackers are clever, they make their emails look like they come from Microsoft / Apple / Google etc.
- If you have any doubt, don’t open it.
- Never plug in a device to your network that has not first been checked by your IT team.
There are many more things you can share with your users, and NTES can certainly assist if you want official user training.
When it comes to technical solutions / protection, NTES can also help. Whilst none of these solutions by themselves protect you fully, having them will certainly make it a lot harder for hackers / ransomware to completely take down your business.
- Have an offsite backup of at least 30 days, plus 3 months that is encrypted.
- Implement Antivirus. We recommend ESET.
- Implement Content Filtering. Restrict your users from accessing “bad” sites, and personal email systems. NTES use OpenDNS Umbrella for our customers.
- Never give users local administrator rights on their PC’s.
- Block USB devices on your network unless approved. NTES have multiple solutions to restrict USB plug in devices.
- Use Ad blockers in browsers.
- Use Email Filtering to block executables in attachments (NTES do this with ExchangeDefender and Office365).
- Disable Office Macros.
- Patch (update) your network. Not just Windows / Office. Patch Java, Adobe etc. NTES do this with our remote monitoring software.
- Block Adobe Reader from opening links.
- Use Group Policy / Software Restriction Policies on your network to block executables from running. Again, this is something that NTES can implement on your network with guidance from the customer on what they need to allow.
NTES can of course provide consultancy and training to our customers. A small amount of investment in these protections can save you massive amounts of money and loss of time in the future.
Call us today at:
Limerick: 061 386600
Dublin: 01 9011234
Cork: 021 6030707
Thanks for reading, please share this post and help stop the spread of Ransomware and Malware.