Cryptographic malware is a new type of virus that is designed to hold your data for ransom. The infection’s payload encrypts the data on any hard disks or mapped network drives that the machine is currently using, creating a disaster recovery scenario for a business.
Organizations have only two choices when they are hit by ransomware: pay the ransom fee or restore their data from backups. Neither of these options is fun to execute, but surprisingly, many businesses simply pay the ransom in order to get their data back. Exactly how big of a threat is ransomware? See for yourself:
Ransomware Costs Businesses $325M Per Year
Ransomware has created up to $325 million in revenues for hackers over the past year. High profile ransomware attacks have impacted hospitals, police stations, financial organizations, and more.
The FBI reports that 90% of all data breaches are avoidable. In the case of ransomware, most businesses can extinguish the fear of ever receiving a pop-up message on the screen asking them to transfer bitcoins in order to regain access to company data.
How to Deflect Ransomware Attacks
IT staff must adhere to strict guidelines in terms of what they will allow their users to do on their network. In addition, it is critical for your IT staff to ensure that your organization has reduced its attack surface. Here are a few tips on how to mitigate the threat of ransomware on your network:
Update Your Systems Early & Often
Your business should always install critical Windows Updates from Microsoft through a distribution suite such as WSUS.
Vulnerable components such as Adobe Flash, Java, and Silverlight should be updated as soon as possible to keep an exploit from taking place.
Use a Robust Firewall with Advanced Content Filtering Settings
Your business should create a perimeter around its connections to the outside world by setting up strict content filtering policies. Many firewalls let you get granular enough to configure settings such as:
- Blocking specific geographic regions from connecting to your network
- Filtering websites by category or content rating
- Locking down VPN policies with industry-recognized encryption
- Implementing intrusion prevention policies
- Filtering and preventing suspicious XML files, port scans, and advanced attacks
Consider Locking Down Your Systems with Group Policy
Consider what applications run on your network and how they communicate with the outside world. To prevent ransomware infections, organizations can use Windows Group Policy to lock down vulnerabilities in their Windows network.
Configure the Windows Firewall and create a whitelist of applications that are allowed to operate on your network. If the application is blacklisted, it shouldn’t run.
You can also use Group Policy to lock down the common locations in which malware breeds on systems. Organizations can configure a whitelist of file types that can run in these locations, with all other types being denied permission to launch.
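Before enforcing such a rule, it helps to know what already runs from those locations. The PowerShell below is an added example, not part of the original article: it inventories executable file types under the current user's profile folders and reports their Authenticode status. The folder list, the extension list and the function name are assumptions to adapt to your own policy.

```powershell
# Added example: list executable content in user-writable profile locations
# so you can see what a Group Policy restriction there would affect.
# Get-ProfileExecutableInventory is a hypothetical helper name.
function Get-ProfileExecutableInventory {
    [CmdletBinding()]
    param(
        # Assumed locations; %TEMP% usually sits under %LOCALAPPDATA%.
        [string[]]$Path = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP),
        # Assumed list of file types the policy would restrict.
        [string[]]$Extension = @('.exe', '.scr', '.com', '.bat', '.cmd', '.js', '.vbs')
    )

    # Keep only roots that exist on this machine.
    $roots = $Path | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

    Get-ChildItem -LiteralPath $roots -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $Extension -contains $_.Extension.ToLowerInvariant() } |
        Sort-Object -Property FullName -Unique |   # overlapping roots list files twice
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Extension = $_.Extension.ToLowerInvariant()
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                Modified  = $_.LastWriteTime
            }
        }
}

# Files without a valid signature are the ones to review first; validly signed
# ones (per-user updaters, for example) are candidates for explicit allow rules.
Get-ProfileExecutableInventory |
    Sort-Object Signature, Path |
    Format-Table -AutoSize Signature, Extension, Modified, Path
```

Running this per user, for instance from a logon script that writes the output to a central share, gives you the list of legitimate software that would break before the restriction goes live.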
Change the Way You Think About File Shares
If an individual PC is hit with ransomware in your business, you may be able to sustain day-to-day activities while your IT crew provisions a new PC. If the ransomware infects your file servers, you could have a major problem.
Most ransomware uses a legitimate process called SVCHost.exe. This app facilitates connections to file servers from local PCs that are connected using mapped drives. If your business uses mapped drive letters to share data, you may want to rethink this practice.
As an alternative, a network administrator could create a policy that disables mapped drives while simultaneously deploying UNC paths as shortcuts to the network locations on the user’s desktop. This dramatically reduces the impact of a ransomware attack, should one sneak through the cracks.
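One way to carry out that migration, shown here as an added example rather than code from the original article: a PowerShell function that creates a desktop shortcut to the UNC path behind each mapped drive and can then remove the mapping. It assumes it runs in the user's own session (a logon script, for example); the function name and the shortcut naming scheme are hypothetical.

```powershell
# Added example: replace each mapped drive in the current user's session with
# a desktop shortcut to the same UNC path.
# Convert-MappedDriveToShortcut is a hypothetical helper name.
function Convert-MappedDriveToShortcut {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$ShortcutFolder = [Environment]::GetFolderPath('Desktop'),
        [switch]$RemoveMapping
    )

    $shell = New-Object -ComObject WScript.Shell

    foreach ($map in Get-SmbMapping) {
        if (-not $map.LocalPath) { continue }   # connection without a drive letter

        # \\server\share  ->  "share on server.lnk"
        $parts   = $map.RemotePath.TrimStart('\').Split('\')
        $lnkPath = Join-Path $ShortcutFolder ('{0} on {1}.lnk' -f $parts[1], $parts[0])

        if ($PSCmdlet.ShouldProcess($map.RemotePath, "Create shortcut $lnkPath")) {
            $lnk = $shell.CreateShortcut($lnkPath)
            $lnk.TargetPath  = $map.RemotePath
            $lnk.Description = "Replaces mapped drive $($map.LocalPath)"
            $lnk.Save()
        }

        if ($RemoveMapping -and $PSCmdlet.ShouldProcess($map.LocalPath, 'Remove drive mapping')) {
            # -UpdateProfile also drops the persistent mapping so it does not
            # come back at the next logon.
            Remove-SmbMapping -LocalPath $map.LocalPath -UpdateProfile -Force
        }

        [pscustomobject]@{ Drive = $map.LocalPath; Unc = $map.RemotePath; Shortcut = $lnkPath }
    }
}

# Preview the changes first; drop -WhatIf to apply them.
Convert-MappedDriveToShortcut -RemoveMapping -WhatIf
```

Share and NTFS permissions still decide what a compromised account can write to over a UNC path, so pair this change with least-privilege access on the file server.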
Consider 3rd Party Solutions
Many organizations rely upon third party solutions to help reduce the attack surface of ransomware.
One popular solution is Microsoft EMET, which creates another layer of protection on systems for users who are required to have Adobe Flash, Java, Silverlight, and other vulnerable apps on their systems.
Malwarebytes has a new solution called Anti-Ransomware, which does exactly what it says that it will do. Popular AV vendors, such as Kaspersky, have released tools to complement traditional AV platforms, considering the fact that many AV platforms have been unsuccessful in mitigating ransomware attacks.
Stay Informed About the Latest Ransomware Attacks
Ransomware has become a lucrative endeavor for hackers, making it more likely that they will try to innovate an attack that targets an unnoticed weakness on your network.
The best offense is a good defense, and the first line of defense against ransomware threats is intelligence. Stay up to date on the latest crypto malware attacks. Consider setting up a Google Alert on the topic “Ransomware” so that you can get the latest scoop on an attack; this way, you’ll always know what to lock down in order to never have to deal with the impact of an attack.