TechBrain

Trusted ransomware removal & protection | TechBrain is your Trusted IT Department

Protect your business against malicious attack

HOW TO PREVENT THE RANSOMWARE ATTACKS SWEEPING THE WORLD.

On 13 May 2017, a massive ransomware cyber-attack impacted more than 200,000 victims in nearly 150 countries around the world. It is vital that you act now to stay ahead of future attacks.

WHAT IS RANSOMWARE?

Simply put, ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Hackers will put a ransomware virus on your computer – or your entire network – that makes it impossible for you to access your files until you pay them to unlock them. If you are not prepared to pay this ransom, then you’ll have to carry out ransomware removal.

WHAT IS THIS ATTACK?

This ransomware attack was caused by a piece of malware called “WanaCrypt0r 2.0”, or WannaCry, that exploits a vulnerability in Windows and spreads via email. WannaCry is believed to use the EternalBlue exploit, which was developed by the U.S. National Security Agency (NSA) to attack computers running Microsoft Windows operating systems in order to gain access to terrorists’ computers. EternalBlue exploits a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol.

Despite the fact that the vulnerability was resolved by the security update (MS17-010) provided by Microsoft on March 14, 2017, many Windows users had still not installed this security patch when, on 12 May, the WannaCry ransomware attack used the vulnerability to spread itself. This attack was unique because it used a worm. Worms differ from common ransomware in that they can exploit weaknesses within the operating system, meaning that they do not require access to files and folders of local systems in order to spread. They utilise vulnerabilities that allow for remote code execution.

WHAT DO THEY WANT?

In this case, the ransomware is demanding that users pay $300 to get their information back. However, within the last month, TechBrain has read in the press about numerous attacks where the cyber criminals demanded amounts in the millions. In 2016, Trend Micro identified a 752% increase in new ransomware families, ultimately resulting in $1 billion in losses for enterprises worldwide. This is a large and growing issue for all organisations.

WHAT CAN I DO TO PROTECT MY BUSINESS AGAINST RANSOMWARE?

The ransomware recovery services that we offer are multilayered. TechBrain in Perth recommends the following approach to control ransomware attacks:

  1. Improve discovery and backup with active archiving.
  2. Application of high-priority Microsoft updates at regular intervals.
  3. Perimeter protection including Unified Threat Management for inbound and outbound protection.
  4. Server and workstation firewalls.
  5. Endpoint protection with zero-day threat protection and ransomware detection built in – looks for suspicious behaviour, backs up files and blocks processes.
  6. Lockdown of user permissions to ensure you restrict the damage that processes can do.
  7. UAC and policies to block scripts and processes from executing from temporary and system folders.
  8. Education of staff to recognise suspicious websites and emails, to ensure that malicious content does not get executed.
  9. Containment – if users suspect infection, they should power off and disconnect machines from the network and notify system administrators immediately.
  10. Ensure backups are performed daily (hourly if your system supports it), are working and are taken off site.
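
To illustrate item 7, the following added example (not TechBrain's own tooling) audits process-creation records for executables or scripts launched from temporary folders, which is the behaviour such a policy is meant to block. The record fields, the folder list and the extension list are assumptions, and the sample events are constructed.

```python
import ntpath
import re

# Assumed scope: folders treated as "temporary" and extensions treated as runnable.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".js", ".jse", ".vbs", ".wsf",
                    ".hta", ".ps1", ".bat", ".cmd"}
# Simplified command-line tokenizer: a quoted string or a run of non-spaces.
TOKEN = re.compile(r'"([^"]+)"|(\S+)')

def in_temp_dir(path):
    """True if path names an executable or script inside a temporary folder."""
    # normpath collapses ".." and mixed slashes so a detour cannot hide or fake a match.
    norm = ntpath.normpath(path).lower()
    return (ntpath.splitext(norm)[1] in RISKY_EXTENSIONS
            and any(marker in norm for marker in TEMP_MARKERS))

def temp_paths(event):
    """Temp-folder executables/scripts named by the image or its arguments."""
    candidates = [event["image"]]
    candidates += [q or u for q, u in TOKEN.findall(event.get("command_line", ""))]
    hits = []
    for candidate in candidates:
        if in_temp_dir(candidate) and candidate not in hits:
            hits.append(candidate)
    return hits

def flag_events(events):
    """Return (host, user, paths) for every event that ran something from temp."""
    return [(e["host"], e["user"], temp_paths(e)) for e in events if temp_paths(e)]

# Constructed sample records; field names are hypothetical, not a real log schema.
SAMPLE_EVENTS = [
    {"host": "WS-01", "user": "alice",
     "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "command_line": r'"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE" report.docx'},
    {"host": "WS-02", "user": "bob",
     "image": r"C:\Users\bob\AppData\Local\Temp\7zO4F2A\invoice.exe",
     "command_line": r'"C:\Users\bob\AppData\Local\Temp\7zO4F2A\invoice.exe"'},
    {"host": "WS-03", "user": "carol",
     "image": r"C:\Windows\System32\wscript.exe",
     "command_line": r"wscript.exe C:\Users\carol\AppData\Local\Temp\update.js"},
    {"host": "WS-04", "user": "dave",
     "image": r"C:\Users\dave\AppData\Local\Temp\..\..\Roaming\Vendor\tool.exe",
     "command_line": ""},
]
```

Calling `flag_events(SAMPLE_EVENTS)` reports WS-02 (binary run directly from a temp folder) and WS-03 (script host pointed at a temp-folder script), while WS-04 is not reported because its path resolves outside the temp folder once normalised.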
 

WHAT HAPPENS IF I GET ATTACKED AND HOW CAN I CARRY OUT RANSOMWARE REMOVAL?

If the worst happens and you find yourself under attack from malicious software that’s locked you out of your system, with a message demanding payment, then you will most likely need professional help to get cleared of the virus and to recover potentially locked data. Do not pay the attackers any money. Our ransomware recovery services can assist you in clearing your systems of all malicious viruses and get you back up and running. In many cases, ransomware data recovery is possible when the right decryption tool is used, the ransom payment is withheld, and the type of malware is identified.

WHAT TO TELL STAFF

Ongoing education throughout the entire process is critical. Ensure that staff are aware of the dangers of opening attachments in unknown emails, or downloading software or apps onto work computers. Staff should be reminded of any internal policies designed to keep them away from sites not connected to their work – this should reduce the chances of someone visiting a site that is distributing ransomware. Ongoing education can also help in preventing ransomware in the future, as well as setting up fail-safes (e.g., encrypting, anti-virus software, and advanced malware detection software) to prevent future attacks.


Looking for IT solutions in Perth? If your business is looking for a trusted IT partner with nationwide capability, TechBrain is here to support you.