Back in 2016, we published a blog post on Ransomware and some tips on how to avoid it. Since then, the financial threats to us all have increased in quantity and severity.
Original Post here for people unfamiliar with ransomware: https://itw4.co.uk/blog/encryption-ransomware-backup-pay/
Ransomware is about as serious as it gets and it will absolutely grind a company to a halt.
A key difference between the original ransomware threat from 2016 and the current threat is the theft of data. Hackers have realised that by taking their time to look around your systems, they will find sensitive data worth stealing. This data becomes another bargaining chip to force you to pay their demands.
Here’s what you can do to reduce the risk of falling victim to these evolving threats:
- Monitoring – These attacks are almost always preceded by quiet attacks on your network. Have your business devices monitored. A good monitoring system will alert you (or your support company) to attempted attacks on the network, giving you time to react and hopefully stop the attack or limit the damage.
Monitoring is key to denying hackers the time to steal data if they manage to break in.
- Firewall / Router – Ensure you have a suitable router / firewall and that it is set up correctly. This is more important now than ever, as many of these attacks are coming directly from the internet rather than from viruses in emails.
- Remote Access Rules – These rules should be created very carefully. If they must exist at all, they must only be open to specific IP addresses.
- Brute Force Protection – Ensure your router and any services you use employ brute force protection to help stop these attacks.
- Geo-filtering – Geo-filtering allows you to stop traffic entering your network from high-risk countries. If your firewall supports it, geo-filtering should be used where possible.
- Firewall Management – Your firewall should not be manageable from the internet.
- Auditing – Firewall configurations should be audited frequently. Old rules should be removed when they are no longer needed and passwords should be kept up to date. Regular auditing will also highlight if anyone has managed to gain access to the firewall which, again, is a likely sign of a pending attack.
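As an added example (not from the original post), a small Python audit over a constructed rule list that flags the three problems the firewall points above describe: remote access rules open to any source, firewall management reachable from the internet, and rules that have not matched traffic for a long time. The rule format, port sets and sample rules are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date

REMOTE_ACCESS_PORTS = {22, 3389, 5900}  # SSH, RDP, VNC
MGMT_PORTS = {22, 443, 8443}            # ports a firewall's admin interface commonly uses

@dataclass
class Rule:
    name: str
    src: str        # source address: "any" or a specific host/CIDR
    dst: str        # "firewall" for the device itself, "lan" for internal hosts
    port: int
    last_hit: date  # last time the rule matched traffic (from rule hit counters)

def audit_rules(rules, today, stale_days=90):
    """Return (rule name, finding) pairs for rules that violate the guidance above."""
    findings = []
    for r in rules:
        if r.dst == "firewall" and r.port in MGMT_PORTS and r.src == "any":
            findings.append((r.name, "firewall management reachable from the internet"))
        elif r.port in REMOTE_ACCESS_PORTS and r.src == "any":
            findings.append((r.name, "remote access open to any source IP"))
        if (today - r.last_hit).days > stale_days:
            findings.append((r.name, f"no matching traffic for over {stale_days} days; remove if no longer needed"))
    return findings

# Constructed sample rule set (hypothetical names and documentation-range addresses).
TODAY = date(2021, 1, 10)
SAMPLE_RULES = [
    Rule("rdp-anyone", "any", "lan", 3389, date(2021, 1, 5)),
    Rule("rdp-office", "203.0.113.10/32", "lan", 3389, date(2021, 1, 9)),
    Rule("fw-admin-wan", "any", "firewall", 443, date(2021, 1, 8)),
    Rule("vnc-old-contractor", "198.51.100.7/32", "lan", 5900, date(2020, 6, 1)),
]

def audit_sample():
    return audit_rules(SAMPLE_RULES, TODAY)

if __name__ == "__main__":
    for name, finding in audit_sample():
        print(f"{name}: {finding}")
```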
- Servers
  - Ensure servers are fully patched and up to date.
  - Audit the network administrator accounts to ensure that no non-essential privileged accounts exist.
  - Rotate passwords – Strong passwords are essential, but rotating them ensures old passwords lose their worth if they are ever leaked.
  - Consider setting up an account lockout policy to protect against brute force attacks. We only recommend this where monitoring is in use, as the monitoring will alert you to the lockout before the users have issues.
  - Server antivirus software should be installed and kept up to date. We recommend ESET File Security for servers.
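As an added example (not from the original post), a Python sketch of the monitoring logic that makes brute force protection and a lockout policy workable: it runs over a few constructed authentication log lines, raises an alert when one source produces a burst of failed logins, and raises another whenever an account is locked out, so the support team hears about it before the user does. The log line format, threshold and window are assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line format for the example: "<ISO timestamp> <EVENT> user=<name> src=<ip>"
LINE_RE = re.compile(r"^(\S+) (FAILED_LOGIN|LOCKOUT) user=(\S+) src=(\S+)$")

def detect(lines, threshold=5, window=timedelta(minutes=10)):
    """Return alert strings: a burst of failed logins from one source, or any lockout."""
    alerts = []
    recent = defaultdict(deque)  # source IP -> timestamps of failures inside the window
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated line
        ts = datetime.fromisoformat(m.group(1))
        event, user, src = m.group(2, 3, 4)
        if event == "LOCKOUT":
            alerts.append(f"{ts}: account {user} locked out after attempts from {src}")
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) == threshold:    # fire once as the burst crosses the threshold
            alerts.append(f"{ts}: {threshold} failed logins from {src} within {window}")
    return alerts

# Constructed sample log: a password-guessing burst from one address, two ordinary
# typos from the office, then the lockout the policy produces.
SAMPLE_LOG = [
    "2021-01-10T08:00:01 FAILED_LOGIN user=administrator src=198.51.100.23",
    "2021-01-10T08:00:03 FAILED_LOGIN user=admin src=198.51.100.23",
    "2021-01-10T08:00:05 FAILED_LOGIN user=backup src=198.51.100.23",
    "2021-01-10T08:00:07 FAILED_LOGIN user=jsmith src=198.51.100.23",
    "2021-01-10T08:00:09 FAILED_LOGIN user=jsmith src=198.51.100.23",
    "2021-01-10T08:00:11 FAILED_LOGIN user=jsmith src=198.51.100.23",
    "2021-01-10T08:01:10 FAILED_LOGIN user=jsmith src=203.0.113.10",
    "2021-01-10T08:01:30 FAILED_LOGIN user=jsmith src=203.0.113.10",
    "2021-01-10T08:02:00 LOCKOUT user=jsmith src=198.51.100.23",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```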
- Desktops / Laptops / Mobile Devices
  - Ensure all devices are fully patched and up to date.
  - Ensure all devices are protected by full and current antivirus software / app.
  - All Microsoft Windows devices should be running Windows 10.
  - If you ABSOLUTELY must have an older version of Windows in use, it should be immediately isolated from the network and the internet.
  - Data on desktops and laptops is more at risk from this type of threat. If you have a server, important data should be stored on it. If you do not have a server, pay close attention to the backups section of this article.
  - Apple devices are not immune to these viruses and should also be patched to the newest operating system with the relevant security updates. If you are using older hardware that cannot be upgraded to a supported operating system, we recommend you look to replace the device as soon as possible.
  - iPhones / iPads – Ransomware threats affecting iPhones or iPads are less common. These devices are tethered to the Apple App Store and can only run software signed off by Apple. Please note: if you have a jailbroken device, you have opened yourself up to an unknown number of risks.
  - Android Devices – Ransomware threats to Android devices are more common than those to Apple devices. We urge users of these devices to keep them fully patched and up to date. If the version of Android is out of support and cannot be updated, we suggest the device is isolated from the network immediately and a replacement is considered. We also recommend ESET Mobile Antivirus for Android devices.
    - Information on ESET for Android here: https://www.eset.com/uk/home/mobile-security-android/
- Backups – Robust backups are absolutely critical to fighting this type of attack as, once you are infected, you will likely need to recover from backups.
  - We HIGHLY recommend offsite backups, as it is near impossible for offsite backups to be defeated by this threat.
  - If you are using local backups (USB / tape etc.), you must have more than one USB drive and rotate the drives regularly. These viruses will corrupt the attached backup drive, so a single backup drive is usually no better than no backup.
  - Ideally, you would have 5 drives in rotation (MON-FRI). As it can take 48-72 hours for users to notice and report viruses on a network, the virus may have damaged more than one backup drive.
  - Local backup drives should be tested regularly.
  - Use backup software that will notify you of issues and failures. If your software does not do this, you must check the backups more regularly to ensure they are complete and can be recovered from.
  - A full recovery test should be carried out annually at a minimum.
- Remote Access Tools
  - Remote access tools (TeamViewer, LogMeIn etc.) should only exist where they absolutely must. Remove all software you no longer use.
- Support Agreements
  - Having a support agreement in place and taking the advice of the professionals is the best way to limit your exposure to this type of risk. A good support provider will always inform you of the risks you face and what they can do to mitigate them.
If you feel the need to talk to us about security or support agreements, we look forward to hearing from you on 0845 519 4425 or via our contact form at https://itw4.co.uk/contact-us/