Hostage Situation – Cryptolocker
Ransomware, Reyptson, Leakerlocker. These are all terms for some of the most common threats to your IT systems.
Before I start and get into the nitty-gritty – IT security is a bit like building insurance. Nobody needs or wants to think about unthinkable scenarios such as your house burning down, but there is a chance it will happen.
The same used to be true for IT security – it was fairly low risk. But that has all changed.
Why is this? Because Ransomware is spreading and damaging many businesses. You only ever hear about the large security breaches on the news but ask 10 of your business associates and I can pretty much bet one of them has been hit by this threat.
In brief, what does the virus actually do?
It usually infects a PC in the form of a malicious email attachment. The attachment looks just like a normal PDF, which could be disguised as an invoice or purchase order.
Once it has been opened, the virus will encrypt all Word, Excel, PDF and picture files on the PC it infects, rendering the files useless.
Then it will search for network drives and go after files stored centrally on any servers you may have, wreaking havoc on shared network drives and departmental files.
Finally, it will display a message on the infected system stating that if you pay a “ransom” you can have access to your files back. The truth is – if you pay you are not guaranteed anything and may end up in a worse situation as the software will capture credit card details.
Prevention is better than cure.
4 key steps for any business to reduce the risk of Ransomware
1. Raise awareness among staff.
Make staff aware of the threat posed by files and links within emails. They might even appear to come from a trusted source. If you are not expecting an attachment then beware.
Common sense is key – if you don’t know the person sending the attachment or link then don’t click it.
If you are unsure, then ask your IT provider to inspect the link or attachment.
2. Server-side protection, GPOs.
GPO stands for Group Policy Object – your internal IT department or provider should be deploying a set of group policies on your internal servers that restrict the virus’s ability to spread to the network.
For a technical rundown of exactly what group policies should be put in place please reference this: Click Here (Please note this is a technical document – this is something specific we can help you implement.)
3. Email spam filter.
Does your email system have a spam filter? Probably – but does it inspect attachments on emails?
Possibly not – make sure you have an email protection system in place that can do the job in the background.
It’s a bit like a firewall for emails, inspecting all incoming and outgoing emails for malicious viruses.
4. Check backups are actually working.
If you do get hit by Cryptolocker, the way to recover is from your backup system.
99.9% of all backup solutions will send a notification to the IT department/provider to let them know if a backup has been successful or unsuccessful.
However, 99.9% of all IT professionals will not actually test to see if you can successfully restore files from a “working” backup service.
Get them to check this now and on a monthly basis.
Schedule a security audit of your IT systems by clicking HERE.