So you’ve heard of Viruses and Phishing attacks, but have you heard of Ransomware? Ransomware is basically a combination of a virus and phishing attack that employs an application to encrypt your data to hold it for ransom. The phishing part of the attack is centered on an email with some type of attachment. An example would be “My Resume for your consideration” with a word document attached. The Word document has macros that will go out to the Internet, download and run an application that will search for and encrypt all of your data files (PDF, Office App files, photos, etc). The application will then inform you that all your files are encrypted (which they are) and that you will not be able to get any of the information back (which you will not) unless you pay a fee to get the key to unencrypt your files. To top it off, the ransom normally starts around $500 if you respond in the first 12 hours. If not, the ransom increases to $1,000 for up to 24 hours… at which time your data is gone. To pay or not to pay, that is the question. If I pay, will they actually send me the key? There have been discussions and debates on this which we will not be discussing or debating. What we will look at is how to prevent this and how to protect your data.
First and foremost is the education of your staff. This starts with a phishing email. If no one clicks on the attachment… the phishing fails... PREVENTED!
Deploy an antivirus solution that employs low overhead and enhanced Anti-Ransomware technology. Not all AV providers have this technology. Webroot is one AV provider that we have seen to be consistent with detecting this type of threat. Recently we performed a test using a ransomware email. We used several AV solutions and found a major provider did not detect it where Webroot immediately identified the threat. For the record, this exploit has been in the wild for some time. Attacks are becoming more sophisticated like Macros coded in ASCII code to hide the IP address the malware is downloaded from. This makes it more difficult to create signatures to detect threats. With the sophistication of attacks… you need a dynamic and versatile AV solution that employs Enhanced Anti-Ransomware... PREVENTED!
Your last line of defense or should I say recovery, is your backups. Servers should always be backed up so if you get hit with this type of attack, you can recover your data. This article is not about backups but if you are not doing image level backups of your servers with virtualization abilities for DR…. give us a call. At the very least, you should have nightly backups of your servers. If you have a backup on the server… RECOVERED!
Client machines (Desktops and laptops) are not servers and most of the time they are not backed up. Ideally you should not have data only residing on your client machines. Most should use a mapped drive to a server to store data (Thus it is backed up when the server is backed up). You can also deploy a cloud solution like Microsoft OneDrive to replicate your data to the cloud. Keep in mind that any solution you use for this needs to have versioning. Versioning saves a new version of the file every time you save the file thus, if the file is modified (IE Encrypted) it will indeed replicate to the cloud but you will have the ability to recover previous versions from the versioning of Microsoft OneDrive. If you have this in place… RECOVERED!
Beringer Associates can help in reviewing your infrastructure and working with you to provide education, deployment of an AV solution or help setup a resilient and comprehensive backup solution for your business. Contact us with any questions you may have.