The fallout from the recent WannaCry ransomware attacks has certainly drawn more attention to network security and ransomware in general.
How can I prevent ransomware?
If you haven’t questioned or considered your network security and disaster recovery plan yet, now is a great time. Here are some important steps to start your reflection:
1. Back up your data: When we have successfully defeated ransomware for our clients, it has not been with savvy decryption ciphers or paying with bitcoins. We have simply removed the damaged files and restored from their most recent unaffected backup. If you are using a backup service, check your backup reports to make sure the backups are completing successfully and that they include your mission-critical data.
2. Keep your OS up-to-date: An interesting facet of the WannaCry attacks was the machines targeted. Many of the machines were running operating systems that were out-of-date and out-of-support. Unless businesses were running specific software products that would only run on those operating systems, they should not have been using
The WannaCry attack exploited a specific vulnerability in the Windows OS. Although these older operating systems were considered out-of-support, Microsoft did release a patch for them. Click here to learn more about Microsoft’s response.
3. Think twice before clicking: The ransomware tickets we have worked for clients have been largely traced back to emails. Hover over links before clicking and see if the address preview is an expected destination. Does the email use correct grammar and spelling? Does it contain excessive exclamation marks? Is the email something you would expect to receive? Does it contain an attachment? That should increase your alarm!
4. Install an up-to-date antivirus. Many products sold to businesses also offer a free version for home use. Ransomware is generally very wormlike: a user who clicks the infected email or link and inadvertently installs the ransomware on their device has opened the door for it to install on other networked machines and servers. It is important that all machines that connect to your network and server be protected by a robust antivirus product. If you have wireless open for guest users, make sure they are only able to access the internet and not your server drives. If your company has a BYOD policy, check to see how you are enforcing the antivirus coverage for those devices.
What do I do if I get ransomware?
- Get your machine off the network to eliminate the spread of files, or the ability for your computer to be controlled by those files.
- Do not pay the ransom; you cannot guarantee that you will indeed receive the decryption key and be able to recover your files.
- Restore affected files from backup.
- Check connected cloud accounts. If you are backing up to Google Drive, Dropbox, etc., log in from an unaffected machine and stop syncing your accounts. Check those files to see if they were encrypted as well. If they were, revert to a previous version.
- Make sure you have an antivirus product installed, and make sure it is up-to-date. Some products are set to auto-update, some will need you to approve updates. AVG, the product most of our SMB clients use, will auto-update. Learn more about their ransomware coverage and response on their website.