Ransomware

Ransomware is a type of malware that has become a significant threat to businesses and individuals over the past year. Most current ransomware variants encrypt files on the infected system or network (crypto ransomware), although a few variants are known to erase files or to block access to the system by other means (locker ransomware). Once a system is hit, the ransomware demands a ransom to unlock the files, frequently thousands of dollars in Bitcoin, a digital currency chosen because payments are hard (though not impossible) to trace back to the recipient.

Victims are at risk of losing their files and, worse still, may suffer financial loss from paying the ransom, lost productivity, IT recovery costs and so on.

The three most common ways for attackers to get ransomware into a company are:

  • Via email: The most common theme is a fake Bank/Utility/Tax Office email carrying a link or attachment that infects the victim’s computer.
  • Through Remote Access (RDP): PCs and servers with Remote Desktop exposed to the internet can be brute-forced or otherwise compromised and then infected.
  • Through Hacked Websites: The ransomware is downloaded in disguise (e.g. as an Antivirus, a PC Cleaner, a document, etc.).

There are several ways out of the mess once the infected system is found and quarantined; the quicker the reaction to such a threat, the better the chances of success. After infection, recovery depends entirely on the backup copies and on whether those backups are intact and restorable.

The Plan:

The plan is all about prevention and being prepared. They say prevention is better than cure, so being ready for such an eventuality is far better than trying to recover once it hits.
  • Backup: Onsite, offsite and to the Cloud! Some ransomware encrypts the onsite backup if it can reach the network location, so a multi-site backup policy is a must, with at least one copy that is offline or otherwise not writable from the network, and restores should be tested regularly.
  • Good Security Suite: Make sure all PCs, including interstate ones, have up-to-date antivirus. We recommend and use Bitdefender GravityZone.
  • Anti-Spam Software or Gateway: We also recommend MailGuard to defend against spam and virus-carrying emails.
  • Enforce Password Policies:
      • Passwords must not contain any part of the user’s name or login
      • Passwords must contain characters from three of the following four categories: upper-case letters, lower-case letters, numbers, non-alphanumeric characters (!?@$%^&…)
      • Passwords must be at least 8 characters long, preferably a phrase such as “ILikeGolf07!” or “GotheCatsChampion070911!” (do not reuse these published examples themselves; the longer the phrase, the better)
  • Educate your staff: Ensure staff are trained in good computing practices and in how to spot threats.
  • No Critical Data on PCs: All critical company data should be stored on network drives, which are then covered by the backup policy above.
  • Lock Down Software and Access Policy: Prevent users from downloading and installing software, and from accessing more of the network than their role needs.
  • No Gmail, Hotmail or personal mail at work: Ask staff not to use personal webmail (Gmail, etc.) at work, as it bypasses the company’s mail filtering.
  • No torrents or pirated software: This needs no explanation.
  • Block certain attachments: Block risky attachment types at the mail gateway, and don’t open attachments from unknown sources or from emails that appear to come from a legitimate source but look suspicious. Emails from “Australia Post”, “Tax Office” or “Banks” with links or downloads are generally fake and should not be opened or acted upon. The only exception is when you know the sender personally, and even then confirm by phone if the message is unexpected, because the From address is easily spoofed.
  • Smart Browsing: Stay away from suspicious sites at work (and at home).
  • Secure Remote Desktop Connection to Terminal Server:
      • Change the default port number (3389) to cut down automated scans; this is obscurity only, not a substitute for the items below
      • Check which users should be accessing the TS and remove everyone else from the Remote Desktop Users group
      • Check the password complexity and the account lockout policy
      • Check permissions
      • Lock down access
      • Use a VPN if possible, so RDP is never exposed directly to the internet
      • Restrict access to known static IPs if possible
      • Use software to block an IP after x failed attempts (e.g. RDPGuard)
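As an added example (not part of the original article, and not code from RDPGuard or any other product named above), the PowerShell script below covers the last items in the list: it tallies failed logons (Security event ID 4625) by source IP, skips an allow-list of your own static IPs, blocks the offenders with a Windows Firewall rule, and reports the RDP port, NLA setting and Remote Desktop Users membership. It assumes a Windows Server with the NetSecurity and LocalAccounts PowerShell modules and an Administrator session for the live parts; the threshold, look-back window, the allow-listed address 203.0.113.10 and the sample events at the bottom are constructed for illustration.

```powershell
# Added example: block RDP brute-force sources and check RDP exposure.
# Assumes Windows Server, Windows Firewall (NetSecurity module) and an
# elevated session for Get-FailedRdpLogons, Block-Ip and Get-RdpExposure.

# Read failed logons (Event ID 4625) from the Security log within the window.
# LogonType 10 = RemoteInteractive (RDP); 3 = Network (NLA pre-auth failures).
function Get-FailedRdpLogons {
    param([int]$WindowMin = 15)
    $since = (Get-Date).AddMinutes(-$WindowMin)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{
                Time      = $_.TimeCreated
                User      = $d['TargetUserName']
                LogonType = [int]$d['LogonType']
                SourceIp  = $d['IpAddress']
            }
        } |
        Where-Object { $_.LogonType -in 3, 10 -and $_.SourceIp -match '^\d{1,3}(\.\d{1,3}){3}$' }
}

# Decide which IPs to block. Takes any objects with a SourceIp property, so it
# can be exercised on constructed data without touching the event log.
function Select-IpsToBlock {
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Events,
        [int]$Threshold = 5,
        [string[]]$AllowList = @()
    )
    $Events |
        Group-Object -Property SourceIp |
        Where-Object { $_.Count -ge $Threshold -and $_.Name -notin $AllowList } |
        ForEach-Object { [pscustomobject]@{ SourceIp = $_.Name; Failures = $_.Count } } |
        Sort-Object Failures -Descending
}

# Block one IP with an inbound firewall rule; skips IPs that already have one.
function Block-Ip {
    param([Parameter(Mandatory)][string]$Ip, [int]$Failures = 0)
    $name = "RDP-Block-$Ip"
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { return }
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block -RemoteAddress $Ip -Profile Any `
        -Description "Blocked after $Failures failed RDP logons on $(Get-Date -Format s)" | Out-Null
}

# Quick exposure check for the other items in the list: listening port,
# whether Network Level Authentication is required, and who is in the
# Remote Desktop Users group (local Administrators can always RDP as well).
function Get-RdpExposure {
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $prop = Get-ItemProperty -Path $key
    $users = (Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue).Name
    [pscustomobject]@{ Port = $prop.PortNumber; NlaRequired = ($prop.UserAuthentication -eq 1); RdpUsers = $users }
}

# --- Demonstration on constructed sample events (RFC 5737 documentation IPs) ---
$sample = @([pscustomobject]@{ Time = Get-Date; User = 'administrator'; LogonType = 10; SourceIp = '198.51.100.23' }) * 6 +
          @([pscustomobject]@{ Time = Get-Date; User = 'jsmith';        LogonType = 10; SourceIp = '203.0.113.10' })  * 7 +
          @([pscustomobject]@{ Time = Get-Date; User = 'scanner';       LogonType = 3;  SourceIp = '192.0.2.77' })    * 2

# 198.51.100.23 (6 failures) is blocked; 203.0.113.10 is allow-listed despite
# 7 failures; 192.0.2.77 (2 failures) is under the threshold.
Select-IpsToBlock -Events $sample -Threshold 5 -AllowList @('203.0.113.10') | Format-Table -AutoSize

# Live run on the Terminal Server (elevated): uncomment to read the real log
# and apply the rules, then review the exposure report.
# $live = Get-FailedRdpLogons -WindowMin 15
# Select-IpsToBlock -Events $live -Threshold 5 -AllowList @('203.0.113.10') |
#     ForEach-Object { Block-Ip -Ip $_.SourceIp -Failures $_.Failures }
# Get-RdpExposure
```

Run it from Task Scheduler every few minutes for a crude lockout, and keep the allow-list populated with your own office and VPN addresses before enabling the live section so you cannot lock yourself out. Note that Event ID 4625 is only written to the Security log when "Audit Logon" failure auditing is turned on, so verify that first; if the RDP port was changed as suggested above, the firewall rule above still works because it blocks the source address for all inbound traffic.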