With the growing popularity of ransomware cyber attacks, we thought we’d spend the next few weeks covering the topic so you can better understand what ransomware attacks are, who’s behind them, how to protect against them, and what to do if you become a victim of such an attack. This is post 6 of 6.
Ransomware attacks have generated hundreds of millions in profits for cyber criminals. Ransomware has emerged as one of the top threats for businesses as an infection can potentially put your entire organization in disaster recovery mode.
How can you keep your organization protected from these malicious attacks? In this guide, we will examine some of the best practices involved with preventing ransomware on your network.
Create and Enforce Uniform IT Procurement Policies
If possible, IT teams should consider buying a fleet of equipment with identical or very similar hardware configurations.
When IT teams image workstations, they should aim for uniformity. Every workstation in the entire organization should have the same version of the same operating system installed on every PC. Mobile devices such as smartphones and laptops should also conform to this policy.
By taking this approach, your IT staff can widely reduce any nuances that may arise from workstations that get different updates as the result of having a unique system architecture.
Implement a Bulletproof Patch Distribution Strategy
The idea behind implementing a uniform technology procurement process is to simplify the work for your IT staff.
Most organizations use Windows Server Update Services (WSUS) as a way to deploy patches to machines with the Windows operating system installed. It is recommended to configure this service to automatically install all critical updates for Windows machines on your network.
System administrators will need to strictly enforce the reboot of recently updated machines, to ensure that patches completely finish installing before the user resumes their work.
WSUS: Is It Enough?
For many organizations, WSUS just isn’t enough. While some talented system administrators may elect to install updates for 3rd party applications using PowerShell or batch files, other IT teams elect to buy 3rd party patching suites that perform critical updates to other attack vectors not covered by updates received from WSUS.
Applications such as Adobe Flash, Java, and others will need to be updated in order to remain safe from the latest ransomware exploits.
E-mail Attachment Security
A variant of ransomware called Locky is attacking businesses exclusively through e-mails. The infection masquerades itself as a normal office document ending in the XLSX, DOCX, or PPTX formats. Other Locky infections have been reported in the ZIP format.
Organizations must implement proper email security features at the server level in order to filter out as many of these emails as possible. ClamAV is a free antivirus engine that scans emails as they arrive at your gateway. Other 3rd party email gateway filtering solutions are available from vendors such as Barracuda, ProofPoint, and Trustwave.
Did you know that a new strain of ransomware is targeting mobile devices? Symantec notes that the Lockdroid ransomware infection is targeting Android users worldwide.
As a result, organizations should take proper precautions to ensure that their mobile devices do not become an attack vector for cyber criminals. Every mobile device in your organization should have some sort of security suite installed before it is deployed to users. This will help mitigate these new emerging ransomware attacks.
Stop Using Mapped Network Drives Immediately
It is not uncommon for businesses to setup a central file repository as a mapped drive on every machine on the network.
For some line of business applications, this configuration may be necessary. On networks where mapped drives must be used, verify the security settings of the access control lists associated with folders that contain critical data. If mapped drives aren’t necessary, begin developing a strategy that migrates your users away from using mapped drives as their default file repositories.
Strains of ransomware commonly use the SVCHost process in order to gain access to files that are mapped using a drive letter. Any file that the user can access will get encrypted by the ransomware infection. By deviating away from mapped network drives, your business can contain a ransomware outbreak, should the infection get past your defenses.
As a best practice, your IT team should link users to network file locations using UNC paths versus mapping them as a drive letter. Using a group policy object, your system administrator can place a shortcut onto the desktop of each employee that needs access to this specific UNC path.
Training for Employees
Users must become cognizant of the fact that cyber criminals are trying desperately to con your organization out of money. Ransomware provides the perfect attack vector for a person on the other side of the world to extort your business out of money.
When employees are trained on the existence of ransomware, they can begin to do their part in deflecting an attack. Employees should be required to perform quarterly training on the latest cyber threats that could impact your business.
Training should include slideshows that present examples of nefarious emails, websites, and links. Users should be tested on their knowledge in order ensure compliance among all employees throughout the enterprise.
If you have any worries about your network security, please call us at (833) 482-6435, or click the banner below to schedule an IT security audit so we can find the best security solutions for your business. Preparation for threats like this is a small cost compared to repairing the damage of an actual infection.
If you enjoyed this IT Support article, please check out other posts on our blog and join us on Facebook, Twitter, LinkedIn, and Google+ to see how else we can help your Greenville, SC or Atlanta, GA area business succeed!