Protect your business against malicious attack
HOW TO PREVENT THE RANSOMWARE ATTACKS SWEEPING THE WORLD
As you will have seen in the news on 13 May, 2017, a massive ransomware cyber-attack has impacted more than 200,000 victims in nearly 150 countries around the world. It is vital that you act now to stay ahead of future attacks.
WHAT IS RANSOMWARE?
Simply put, ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Hackers will put a ransomware virus on your computer – or your entire network – that makes it impossible for you to access your files until you pay them to unlock them. If you are not prepared to pay this ransom, then you’ll have to carry out ransomware removal.
WHAT IS THIS ATTACK?
This ransomware attack was caused by a malicious program called “WanaCrypt0r 2.0”, or WannaCry, that exploits a vulnerability in Windows and spreads via email. WannaCry is believed to use the EternalBlue exploit, which was developed by the U.S. National Security Agency (NSA) to attack computers running Microsoft Windows operating systems in order to gain access to terrorists’ computers. EternalBlue exploits a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. Although Microsoft resolved the vulnerability with a security update (MS17-010) released on March 14, 2017, many Windows users had still not installed this patch when, on 12 May, the WannaCry ransomware attack used the vulnerability to spread itself. This attack was unique because it used a worm. Worms differ from common ransomware in that they can spread through exploits within the operating system, meaning that they do not require access to the files and folders of local systems in order to spread. They utilise vulnerabilities that allow for remote code execution.
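An added example, not part of the original article: because a worm of this kind spreads over SMB (TCP port 445) without any user action, an infected machine tends to show up in firewall logs as one internal host contacting many different machines on that port within a short time. The log format, addresses, window and threshold below are constructed assumptions, not values from the article.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445                  # TCP port used by SMB
WINDOW = timedelta(seconds=60)  # assumed sliding window
THRESHOLD = 5                   # assumed: distinct SMB destinations per window

# Constructed sample log in a hypothetical "time action src -> dst:port" format.
SAMPLE_LOG = "\n".join(
    # one host reaching six different machines on 445 within five seconds
    [f"2017-05-12T09:00:{10 + i:02d} DENY 10.0.0.37 -> 10.0.0.{100 + i}:445" for i in range(6)]
    # six SMB destinations too, but spread over 25 minutes
    + [f"2017-05-12T09:{5 * i:02d}:00 ALLOW 10.0.0.44 -> 10.0.0.{200 + i}:445" for i in range(6)]
    # ordinary file-server and web traffic, plus a line that does not parse
    + ["2017-05-12T09:00:01 ALLOW 10.0.0.21 -> 10.0.0.5:445",
       "2017-05-12T09:00:02 ALLOW 10.0.0.21 -> 203.0.113.10:443",
       "malformed line"])
LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) (\S+) -> (\S+):(\d+)$")

def parse(log_text):
    """Yield (time, src, dst, port) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, _action, src, dst, port = m.groups()
            yield datetime.fromisoformat(ts), src, dst, int(port)

def smb_fanout_suspects(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak distinct SMB destinations in one window} for sources at or above threshold."""
    events = defaultdict(list)
    for ts, src, dst, port in parse(log_text):
        if port == SMB_PORT:
            events[src].append((ts, dst))
    suspects = {}
    for src, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # drop events that fell out of the window
            best = max(best, len({dst for _, dst in evs[start:end + 1]}))
        if best >= threshold:
            suspects[src] = best
    return suspects

if __name__ == "__main__":
    for src, count in smb_fanout_suspects(SAMPLE_LOG).items():
        print(f"{src}: {count} distinct SMB destinations within {WINDOW}")
```

A host flagged this way is a candidate for the containment step: disconnect it from the network and notify system administrators.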
WHAT DO THEY WANT?
In this case the ransomware is demanding that users pay $300 to get their information back. However, within the last month TechBrain has also been made aware of two attacks in Perth (not clients of ours) where the cyber criminals demanded amounts in the thousands. In 2016 Trend Micro identified a 752% increase in new ransomware families, ultimately resulting in $1 billion in losses for enterprises worldwide. This is a large and growing issue for all organisations.
WHAT CAN I DO TO PROTECT MY BUSINESS AGAINST RANSOMWARE?
TechBrain in Perth recommends a multi-layered approach to controlling ransomware:
- Improve discovery and backup with active archiving
- Application of high priority Microsoft updates at regular intervals
- Perimeter protection including Unified Threat Management for inbound and outbound protection
- Server and workstation firewalls
- Endpoint Protection with zero day threat protection and ransomware detection built in – looks for suspicious behaviour, backs up files and blocks processes
- Lockdown of user permissions to ensure you restrict the damage that processes can do
- UAC and policies to block scripts and processes from executing from temporary and system folders
- Education of staff to recognise suspicious websites and emails to ensure that they do not execute them
- Containment – if users suspect infection then power off and disconnect machines from the network and notify system administrators immediately
- Ensure backups are performed daily (hourly if your system supports it), are working and are taken off site
WHAT HAPPENS IF I GET ATTACKED AND HOW CAN I CARRY OUT RANSOMWARE REMOVAL?
If the worst happens and you find yourself under attack from malicious software that’s locked you out of your system, with a message demanding payment, then you will most likely need professional help to get cleared of the virus. Do not pay the attackers any money; our ransomware removal services can assist you in clearing your systems of all malicious viruses and get you back up and running.
WHAT TO TELL STAFF
Ongoing education is critical. Ensure that staff are aware of the dangers of opening attachments in unknown emails, or downloading software or apps onto work computers. Staff should be reminded of any internal policies designed to keep them away from sites not connected to their work – this should reduce the chances of someone visiting a site that is distributing ransomware.