Ransomware – It’s Real and it Could Happen to You.

Apr 25, 2016

You’ve heard of viruses and malware – now there’s ransomware and it’s just what it sounds like.  Ransomware is an access denial type of malicious software that can come from just about anywhere a virus can. As the name implies, once activated it blocks legitimate users from accessing files and demands some sort of payment or “ransom” before providing a decryption key or similar unlock.

These types of malicious attacks are not just limited to “big businesses” either.  McAfee recently released a report showing they had collected over 250,000 unique samples of ransomware in the first quarter of 2013 alone, and the numbers have been growing since. Don’t think it could happen to you? Think again.

In just the last few months, Columbia Ultimate and The Intelitech Group have helped to restore operations for three different collection agencies who became victims of ransomware attacks.  Most of these cases could potentially have been avoided by following industry best practices for reviewing and fortifying security policies.

We’ve compiled a set of guidelines to assist our clients in preventing denial of service attacks, as well as other malware disasters. Even if you have already taken precautionary measures, we highly encourage you to review these best practices and implement as many as you can, and as soon as possible.

Ransomware Prevention
Let’s start with the tried and true prevention basics for protecting valuable, proprietary data. These three recommendations are broadly supported by IT experts across all sectors, and apply to organizations of any size.

Patch and Repeat
Regularly patch your systems and software applications to prevent system vulnerabilities, and implement necessary patches within 48 hours.  Automate this process as much as possible, and include non-Microsoft products like browsers and apps.

Put Your Antivirus Program to Work
All systems should have an antivirus program running and regularly scanning for suspicious files and activity.

Activate a Protective Firewall
Configure and maintain a reliable firewall to protect your computer and network.

If your organization is equipped with complex, interconnected devices and systems, you may be at an even greater risk for exposure to cyber criminal activity.  In addition to the basics above, a number of additional security controls should be implemented.  Ransomware and other newer threats have upped the game and companies need to do more or they will be infected.

Harden Your Operating Systems
Remove many of the default vulnerabilities in systems by following industry best practices for secure system configurations (Center for Internet Security, System Security Benchmarks; Defense Information Systems Agency, Security Technical Implementation Guide)

Remove Administrative Permissions

Configure user accounts to remove default administrative permissions, and turn off unneeded file sharing on your network. Many malware threats need full admin access rights to run properly. By reducing the number of users with admin and file share privileges, you can limit your company’s exposure.

Control Email Server Configuration Settings
Some malwares arrive as spam email attachments and use social engineering methods that lure users to open and execute links. You can reduce exposure by blocking common malware attachments by file type or extension name (*.js, *.jse, *.htm, *.html, *.exe, *.msi, *.asp, etc.).

For many organizations, preemptive security measures have prevented countless headaches and saved companies thousands of dollars. Most ransomware and other malware attacks can be avoided with some thoughtful due diligence, and proactive implementation of the recommendations mentioned above.  Also, be sure to educate your team on what precautions each individual should take to limit their exposure to cyber crime, both now and in the future.

For more information, including a comprehensive list of Security Controls for Effective Cyberdefense, visit The Center for Internet Security website at https://www.cisecurity.org.

Advertisements