Ransomware

Ransomware is scary and can paralyze a business. Imagine all of your work encrypted and having to pay someone to get it back. While there is no magic bullet to guarantee safety, there are several approaches that, used in combination, will significantly reduce the office’s vulnerability to having the business held hostage. These can be broken up into 4 areas: individual behavior, computer hardening, strong email virus scans, and multiple backups.

Individual Behavior
The first level of defense begins with the individual. Much of what I am going to say is common sense. Assume a defensive posture when browsing websites and opening email. Be wary. The two most common ways that ransomware infects a computer are through email and browsing, so assume both are dirty and require practical data hygiene. For example, if you receive a Word document or some other attachment that you were not expecting, don’t open it until you verify through a different channel that it is legitimate. Of course, never ever open an exe file on the PC. Don’t visit fringe sites or porn sites, and don’t take online surveys. As a default, never click yes or okay on a web browser popup. Never download a diagnostic from a “warning” window that suddenly appears from a website. Force close the browser rather than hit “ok.” While these practices are pretty obvious, many companies include them as policy.

Computer Hardening
Toughen your computers against attack. First, all computers in the office should be using some version of User Access Control, which blocks the current user from making any changes to the OS. Only a user with administrative (the top level) access can install software. A website might trick you into installing software; however, if you are logged in without administrative access, that software cannot be installed and you are saved. For example, my regular login on my main production machine (Mac) does not have admin privileges. So I need to log in as an admin user to install anything.
In addition to controlling access, antivirus software can help. However, to be effective against newer versions of ransomware, it should employ a machine learning (AI) approach that analyzes the way the computer’s memory, encryption and permissions are being used to identify the beginning of a ransom encryption takeover. CylancePROTECT is one version recommended to me by several IT professionals. Lastly, putting your network behind a firewall will prevent bots from worming into your network and infecting your machines.
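To make the idea of spotting the beginning of an encryption takeover concrete, here is a simplified sketch added for illustration. It is not from the original post and is not how CylancePROTECT or any other product works. It uses a fixed rule rather than machine learning: flag a process that rewrites several readable files into near-random data within a few seconds. The event format, process names and thresholds are all assumptions.

```python
import math
import random
from collections import Counter, defaultdict, deque

ENTROPY_CUTOFF = 7.5   # bits/byte; assumed threshold, encrypted data sits near 8.0
BURST_COUNT = 3        # assumed: this many suspicious rewrites...
BURST_WINDOW = 10.0    # ...within this many seconds flags the process

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(before: bytes, after: bytes) -> bool:
    """A rewrite is suspicious when readable content becomes near-random."""
    return shannon_entropy(before) < ENTROPY_CUTOFF <= shannon_entropy(after)

def flag_processes(events):
    """events: (timestamp, process, path, before, after) tuples in time order.
    Returns the set of processes that made a burst of suspicious rewrites."""
    recent = defaultdict(deque)   # process -> timestamps of suspicious rewrites
    flagged = set()
    for ts, proc, _path, before, after in events:
        if not looks_encrypted(before, after):
            continue
        window = recent[proc]
        window.append(ts)
        while ts - window[0] > BURST_WINDOW:   # drop rewrites outside the window
            window.popleft()
        if len(window) >= BURST_COUNT:
            flagged.add(proc)
    return flagged

# Constructed sample data: plain text and a pseudo-random stand-in for ciphertext.
_rng = random.Random(1)
TEXT = b"Quarterly report draft for the office. " * 100
NOISE = bytes(_rng.getrandbits(8) for _ in range(4096))
SAMPLE_EVENTS = [
    (0.0, "editor", "a.doc", TEXT, TEXT + b"One more line."),  # normal save
    (1.0, "archiver", "old.zip", TEXT, NOISE),                  # one-off, not a burst
    (2.0, "unknown", "a.doc", TEXT, NOISE),
    (2.5, "unknown", "b.xls", TEXT, NOISE),
    (3.0, "unknown", "c.pdf", TEXT, NOISE),                     # third within 1 second
]

if __name__ == "__main__":
    print(flag_processes(SAMPLE_EVENTS))
```

A single high-entropy write (a zip archive, a photo export) is normal, which is why the rule waits for a burst from one process; a tool that encrypts slowly would slip past it, and that gap is why the backups described below still matter.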

Strong Email Virus Scans
I used to host my own email. Later I had a smaller company dedicated to email manage my accounts. However, it kept feeling like whack-a-mole, trying to stay ahead of the spam and feeling vulnerable to viruses. So, for the last few years, I have been using Google Apps for my email address. They do it all for $50 per account per year. I don’t think there is anyone better. However, you are not in physical possession of your email. You cannot unplug the server and bury it in the desert. By the way, one IT pro told me he has one of his client’s email accounts hosted in Switzerland, making it virtually impossible to subpoena for litigation.

Multiple Backups
One client of mine uses a proprietary backup that creates a distinct snapshot every hour of the data shared by 200 users working in the office. So, if encryption just occurred, they would be able to go back an hour to restore a clean, pre-infected version of that machine. There are cloud-based recovery services that perform this service (such as Carbonite); however, if you have large graphic and video files, the service would need to be optimized to not slow down the network and computer performance. Additionally, as a last (and perhaps overkill) step, I would also routinely (Wednesday and Friday) manually back up the drive’s content on every important computer to an external drive and then UNPLUG that drive from that computer. Then if all else fails, you’ve only lost two days of work on each computer.

Posted November 8th, 2015 in Uncategorized.