October 17, 2018

Defending from the Ransomware Threat

Assurance

Every time I teach a seminar on IT Security Preparedness one question always comes up: “Why is someone writing these malware programs and trying to install them on my computer?” and my answer is always “because someone makes money from it”.

Malware and specifically ransomware have become big business. You might have seen this happen to a friend or colleague. They visit a website link or open a spam email, and rapidly thereafter important documents on their computer are no longer available.

Sometimes there is an accompanying warning screen.

The modus operandi of this ransomware is to encrypt files you hold dear and then ask for money to unlock the files.

When this attack happens to your home computer and your personal photos it can be painful.

When this attack happens to your workplace, it can be devastating. Your business may grind to a halt.

Last February Hollywood Presbyterian Medical Center lost access to key patient systems after a ransomware attack on their network. The hospital had to switch to paper record keeping and when their IT team could not recover the data, $17,000 had to be paid to have their files unlocked.

Proactive security measures like Antivirus and Firewalls are still critical protection for every network but the makers of malware can easily disguise their programs to get past your defenses. The criminals know what common antivirus checks for and there is a big payday if they can slip past those defenses and a complacent staff member is enticed to run their program.

When ransomware does slip through your best defenses, then the clock is ticking to stop the spread of infection and return any business systems infected back to their state before the ransomware took hold. Identify who has infected the network, power down their computer and unplug it. Worry about cleaning that computer later. Then get in touch with your IT team and assess the damage.

Most ransomware will act with the security permissions of the person who accidentally launched the program. By setting up network shares by department and defaulting to restrictive policies can help minimize damage from an attack. If the ransomware can only get to limited network locations, then business disruption is limited.

The next step for preparedness is good old fashioned disaster recovery. If ransomware encrypts critical data the speed with which your IT team can restore will determine how long these files are unavailable to your business.

A multilayered disaster recovery approach will save the day. Windows file shares should be on disk partitions with enough space for Microsoft Volume Shadow Copy to be able to backup changed files a minimum of twice per day. Disk space is cheap and Shadow Copy is a free service on every Windows server.

Additionally, data should be backed up to a location not accessible to the network. If the ransomware can reach your backups, then those are at risk as well. Offsite backup services are more affordable than ever. As little as $0.36 per Gigabyte per month backups up data to distributed offsite cloud facilities so you can safely restore data rapidly without paying the ransom.

Tips and Tricks for Improving Small Organization Internal Controls

Small nonprofit organizations still have effective and efficient solutions to allow for adequate separation of duties and detailed reviews of financial information.