It can be considered a hostage situation. Cryptolocker, Ransomware, Reyptson, Leakerlocker. These are all terms for some of the most common threats to your IT systems. Collectively this is known as ransomware, and it’s a big threat to your business.
Before I start and get into the nitty-gritty: IT security is a bit like building insurance. There is rarely a need or desire to think about unthinkable scenarios, such as your house burning down, but there is a chance it will happen. The same used to be true for IT security – it was fairly low risk. But now, that has all changed.
Why is this? Because ransomware is spreading and damaging many businesses. You only ever hear about the large security breaches on the news, but ask 10 of your business associates and I can pretty much bet one of them has been hit by this threat.
To be brief, what does the virus actually do?
It usually infects a PC in the form of a malicious email attachment. The mail attachment looks just like a normal PDF, which could be disguised as an invoice or purchase order. Once it has been opened, the virus will then encrypt all Word, Excel, PDF and picture files on the PC, rendering the files useless.
Then it will search for network drives and go after files stored centrally on any servers you may have, wreaking havoc on shared network drives and departmental files.
Finally, it will display a message on the infected system stating that if you pay a “ransom” then you can have access back to your files. The truth is – if you pay you are not guaranteed anything and may end up in a worse situation, as the software will capture credit card details. By paying, you are giving the criminals exactly what they want and need: an income to fuel their activities.
Prevention Is Better Than Cure
Here are our four key steps for any business to reduce the risk of ransomware.
1 – Raise Awareness Among Staff
The first step is to make staff aware of the threat posed by files and links within emails. They might even appear to come from a trusted source. If you are not expecting an attachment, then beware. Common sense is key – if you don’t know the person sending the attachment or link, then don’t click it. If you are unsure, then ask your IT provider to inspect the link or attachment.
Dale Sutherland, the Director and owner of Aberdeen Cyber Security is a qualified lecturer in computing and cyber security. We are actively promoting our education and training services. We have existing content that is ready for delivery. If you prefer something that’s aligned with your company, we’ll create specific content just for you. Check out our education services here.
2 – Server Protection – GPOs
GPO stands for group policy object – your IT department or provider should be deploying a set of group policies on your internal servers that restrict the virus’s ability to spread across the network. For a technical rundown of exactly what group policies should be put in place, please refer to the content below.
Please note this is a technical document – this is something specific we can help you implement.
3 – Email Spam Filter
Does your email system have a spam filter? Probably – but does it inspect attachments on emails? Possibly not – make sure you have an email protection system in place that can do the job in the background.
It’s a bit like a firewall for emails, inspecting all incoming and outgoing emails for malicious viruses.
4 – Check Backups Are Actually Working
If you do get hit by the Crypto-locker, the process for recovery is to restore from your backup system.
99.9% of all backup solutions will send a notification to the IT department/provider to let them know if a backup has been successful or unsuccessful. However, 99.9% of all IT professionals will not actually test to see if you can successfully restore files from a “working” backup service.
Get them to check this now and on a monthly basis. This is very important.