The malware is known as ” Ransomware ” has many variants which utilize an array of methods to find a series of entry points (usually an attachment to an email) to infect and encrypt a company’s servers and data. Once the virus finds an entry point, it will begin to rapidly encrypt all the drives it can quickly access within the infected system.
You will become aware that the infection has occurred when someone attempts to access a file that has been encrypted or it hits the Server Operating System. There are no tools or Data Recovery Services that can decrypt your data; it is unrecoverable in this state.
All is not lost once your system has been compromised. We have found that there are two solutions that work the best once your system is compromised. Your two options are to restore your system from the last good backup or simply attempt to pay the ransom.
The IT industry does not encourage the payment of the ransom, and doing so does have risks. Sometimes a decryption key is never sent or won’t work, and the criminals don’t have an IT support team!.
But if you have no backup process for your data or you’re unsure and cannot take a chance on an unchecked backup, then you may have no choice but to attempt to pay the ransom.
Prevention is the Best Option! Use these steps:
Educate Your Staff:
One of the most common causes of infection is an employee clicking on a link or opening a file sent from a legitimate source they might have corresponded with in the past. Train them to recognize suspicious emails.
Employ Content Scanning / Filtering on Email Servers:
All incoming emails must be scanned for viruses; this is the primary entry point for Ransomware. The next is websites that are infected; this is where a web content filter should come into play. If the website is infected, the web filter will prevent its entry.
Maintain Patch Levels for OS and Applications:
It is an industry best practice to keep the workstations, server operating systems and applications up to date and patched as this will help prevent infection to your network.
Block End Users from Executing Malware:
Newer Antivirus and Malware programs such as Symantec, Malwarebytes and Webroot have products that work well for this service. You can configure and use Group Policies to implement software restriction policies to prevent the threat of Ransomware from running in the protected system areas.
Install and configure Host Intrusion Prevention:
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) solutions are very helpful but do require a certain amount of administration, such as monitoring for alerts, notifications, and events.
Limit User Access to Mapped Drives:
If users do not need access to drives or sharing privileges, then remove them from the shared list. Group rights and login scripts will help to map drive access in your company.
Deploy and Maintain Backups:
The most important solution we constantly offer to our clients would be to constantly backup your system – we cannot stress this enough. The biggest takeaway from this article is that the best protection is a solid backup scheme. We prefer image-based backups like Datto, Storagecraft, and Veeam.
This is not a complete list of all the methods or solutions that can be used; however, these are the most common and cost-effective methods of prevention. Remember, doing something is better than doing nothing at all. Again, if you take nothing else away from this article, please make sure that you have a solid backup solution in place and it is working.
For more information about Ransomware and how Clare Computer Solutions can protect your company, contact us or visit our website at www.clarecomputer.com to find out what CCS can do for you.