
Ransomware: How to protect yourself

Back in 2016 we published a blog post on what ransomware was, with some tips on how to avoid it.
Since then the threat has sadly not gone away; it has become more prevalent and has increased in severity.

Original post, for people unfamiliar with ransomware: https://itw4.co.uk/blog/encryption-ransomware-backup-pay/

Let's be frank: this threat is about as serious as it gets, and it will absolutely grind a company to a halt.

A key difference between the original ransomware threat from 2016 and the current threat is the theft of data. Hackers have realised that if they have time to look around your systems, they may be able to find sensitive data to steal; this data becomes another bargaining chip to force you to pay their demands.

Here's what you can do to reduce the risk of falling victim to these evolving threats.

  • Monitoring – These attacks are almost always preceded by quiet attacks on your network. Have your devices monitored: a good monitoring system will alert you (or your support company) to attempted attacks on the network, giving you time to react and hopefully stop the attack or limit the damage.
    Monitoring is key to denying hackers the time to attack your system, and to denying them time to steal data if they manage to break in.
  • Firewall / Router – Ensure you have a suitable router / firewall and that it is set up correctly. This is more important now than ever, as many of these attacks come direct from the internet rather than from viruses in emails.
    • Remote Access Rules – These rules should be created very carefully, if they must exist at all; they must only be open to specific IP addresses, otherwise you are on borrowed time.
    • Brute Force Protection – Ensure your router and any services you use employ brute force protection to help stop these attacks.
    • Geo filtering – If your firewall supports it, geo filtering should be used where possible; it allows you to stop traffic entering your network from countries of high risk.
    • Firewall Management – Your firewall should not be manageable from the internet; this is a security risk.
    • Auditing – Firewall configuration should be audited frequently: old rules should be removed when they are no longer needed, and passwords should be kept up to date. Auditing will also highlight if anyone has managed to gain access to the firewall, which again is a sign of an attack under way.
  • Servers
    • Ensure Servers are patched fully up to date.
    • An audit of the network administrator accounts should be carried out to ensure no privileged accounts exist which are not essential.
    • Rotate passwords – Strong passwords are essential, but rotation of passwords ensures old passwords lose their worth if they are ever leaked.
    • Consider setting up an account lockout policy to protect against brute force attacks. We only recommend this where monitoring is in use, as the monitoring will alert you to the lockout before the users have issues.
    • Server antivirus software should be installed and kept up to date; we recommend ESET File Security for servers.
  • Desktops / Laptops / Mobile Devices
    • Ensure all devices are fully patched up to date.
    • Ensure they all have antivirus on them, and that it is up to date.
    • At an absolute minimum, all Windows devices should be Windows 8 or newer.
    • If you ABSOLUTELY must have an older version of Windows in use, it should be immediately isolated from the network and the internet.
    • Data on desktops and laptops is more at risk from this type of threat. If you have a server, important data should be stored on it; if you do not have a server, then pay close attention to the backups section of this article.
    • Apple devices are not immune to these viruses and should be patched to the newest operating system with the relevant security updates. If you are using older hardware which cannot be upgraded to a supported operating system, then we recommend you look to replace the device as soon as possible.
    • iPhones / iPads – We are not aware of ransomware threats which affect iPhones or iPads at the moment; these devices are tethered to the Apple App Store and can only run software signed off by Apple. Please note that if you have a “jailbroken” device then you have opened yourself up to an unknown number of risks.
    • Android Devices – We are not aware of any specific ransomware threat to Android devices; however, there are other threats to Android devices on the market, so we would urge that these devices be fully patched up to date. If the version of Android is out of support and cannot be updated, we would suggest the device is isolated from the network immediately and replacement is considered. We also recommend ESET Mobile Antivirus for Android devices.
  • Backups – Robust backups are absolutely critical to fighting this type of attack, as once you are infected you will likely need to recover from backup.
    • We HIGHLY recommend offsite backup, as it is near impossible for offsite backups to be defeated by this threat.
    • If you are using local backup (USB / tape etc.) you must have more than one USB drive and rotate the drives regularly. These viruses will corrupt the attached backup drive, so a single backup drive is usually no better than no backup.
    • Ideally you would have 5 drives in rotation (MON-FRI): it can take 48-72 hours to notice the virus on the network, by which time it may have damaged more than one backup drive.
    • Local Backup Drives should be tested regularly.
    • Use backup software which will notify you of issues and failures. If your software does not do this, then you must check the backups regularly to ensure they are complete and you can recover from them.
    • A full recovery test should be carried out annually at a minimum.
  • Remote Access Tools
    • Ensure remote access tools (TeamViewer, LogMeIn etc.) only exist where they absolutely must; remove any which are non-critical.
  • Support Agreements
    • Having a support agreement in place and taking the advice of the professionals is the best way to limit your exposure to this type of risk. A good support provider will always inform you of the risks you face and what they can do to mitigate them.
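As an added example of the checks the Firewall / Router section describes (this is not itw4's code or any firewall vendor's tooling), the Python script below audits a constructed, vendor-neutral rule table for remote access rules open to more than specific IP addresses, management reachable from the internet, and rules that have never matched or have gone unused. The `Rule` layout, the service names, the thresholds and the sample rules are all assumptions made for the illustration; real firewalls export rules in their own formats and would need a small adapter.

```python
"""Firewall rule audit (added example; rule format and thresholds are constructed)."""
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_network
from typing import List, Optional, Tuple

# Assumed thresholds: a source is "specific" if it covers no more than
# this many addresses, and a rule is stale after this many days unused.
MAX_SOURCE_ADDRESSES = 16
STALE_AFTER_DAYS = 90

REMOTE_ACCESS = {"rdp", "ssh", "vnc"}   # services that open remote access into the LAN
MANAGEMENT = {"admin-ui"}              # the firewall's own management interface


@dataclass
class Rule:
    name: str
    action: str               # "allow" or "deny"
    src: str                  # "any" or a CIDR such as "203.0.113.10/32"
    service: str              # "rdp", "ssh", "admin-ui", ...
    from_zone: str            # "wan" (internet-facing) or "lan"
    last_hit: Optional[date]  # last time the rule matched traffic; None = never


def source_is_specific(src: str) -> bool:
    """True when the source is a named host or small range rather than 'any'."""
    if src.lower() == "any":
        return False
    return ip_network(src, strict=False).num_addresses <= MAX_SOURCE_ADDRESSES


def audit(rules: List[Rule], today: date) -> List[Tuple[str, str]]:
    """Return (rule name, finding) pairs; an empty list means nothing to fix."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue  # deny rules cannot open anything
        if r.from_zone == "wan" and r.service in REMOTE_ACCESS and not source_is_specific(r.src):
            findings.append((r.name, f"{r.service} open from {r.src}; restrict to specific IPs"))
        if r.from_zone == "wan" and r.service in MANAGEMENT:
            findings.append((r.name, "firewall management reachable from the internet"))
        if r.last_hit is None:
            findings.append((r.name, "rule has never matched traffic; confirm it is needed"))
        elif (today - r.last_hit).days > STALE_AFTER_DAYS:
            findings.append((r.name, f"unused for {(today - r.last_hit).days} days; remove if no longer needed"))
    return findings


# Constructed rule table (documentation IP ranges, not real hosts).
SAMPLE_RULES = [
    Rule("rdp-from-internet", "allow", "any", "rdp", "wan", date(2024, 5, 1)),
    Rule("rdp-branch-office", "allow", "203.0.113.10/32", "rdp", "wan", date(2024, 5, 2)),
    Rule("admin-ui-wan", "allow", "198.51.100.0/24", "admin-ui", "wan", None),
    Rule("old-vendor-ssh", "allow", "192.0.2.7/32", "ssh", "wan", date(2023, 11, 1)),
    Rule("lan-rdp", "allow", "10.0.0.0/8", "rdp", "lan", date(2024, 5, 9)),
    Rule("deny-all", "deny", "any", "any", "wan", None),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES, date(2024, 5, 10)):
        print(f"{name}: {finding}")
```

Run against the sample table the audit reports four findings: the RDP rule open to `any`, the management rule reachable from the WAN (which has also never been hit), and the vendor SSH rule that has not been used in months. The branch-office RDP rule restricted to a single address and the LAN-only rule pass, which is the distinction the Remote Access Rules point draws.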
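The Monitoring, Brute Force Protection and account lockout points all come down to noticing repeated failed logins early. The following added example (not the post's code, nor ESET's or any monitoring product's) runs that logic over a few constructed authentication log lines: it raises an alert when one source fails repeatedly within a time window, when an account reaches the lockout threshold (so the support desk hears about the lockout as it happens, as the Servers section recommends), and, most importantly, when a login from an already-flagged source succeeds. The log line format, the thresholds and the sample lines are assumptions made for the example.

```python
"""Failed-login monitor (added example; log format and thresholds are constructed)."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Iterable, List, Optional, Tuple

# Assumed thresholds: alert on this many failures from one source within the
# window, and on this many failures against one account (set equal to the
# lockout policy so the alert arrives as the lockout does).
FAILURE_THRESHOLD = 5
WINDOW_SECONDS = 300
LOCKOUT_THRESHOLD = 6

# Constructed line format: "<ISO time> auth <success|failure> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>success|failure) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(line: str) -> Optional[Tuple[datetime, str, str, str]]:
    """Parse one log line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # unknown format: skip rather than crash the monitor
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return ts, m["result"], m["user"], m["src"]


def detect(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (alert type, source IP, detail) tuples in the order raised.
    Lines are expected in time order, as a log file delivers them."""
    alerts = []
    failures_by_src = defaultdict(deque)  # src -> timestamps of recent failures
    failures_by_user = defaultdict(int)   # account -> total failures seen
    flagged = set()                       # sources already reported
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, result, user, src = parsed
        if result == "failure":
            window = failures_by_src[src]
            window.append(ts)
            while (ts - window[0]).total_seconds() > WINDOW_SECONDS:
                window.popleft()  # drop failures that fell outside the window
            if len(window) >= FAILURE_THRESHOLD and src not in flagged:
                flagged.add(src)
                alerts.append(("brute-force", src, f"{len(window)} failures in {WINDOW_SECONDS}s"))
            failures_by_user[user] += 1
            if failures_by_user[user] == LOCKOUT_THRESHOLD:
                alerts.append(("account-lockout", src, f"{user} hit {LOCKOUT_THRESHOLD} failures; expect a lockout"))
        elif src in flagged:
            # A success from a source that was hammering the login is the alert that matters most.
            alerts.append(("success-after-brute-force", src, f"{user} logged in after repeated failures from this source"))
    return alerts


# Constructed sample log: one source guessing the admin password, one normal user,
# one malformed line, and a second source adding a failure against the same account.
SAMPLE_LOG = """\
2024-05-10T09:14:02Z auth failure user=admin src=203.0.113.7
2024-05-10T09:14:09Z auth failure user=admin src=203.0.113.7
2024-05-10T09:14:15Z auth success user=alice src=10.0.0.5
2024-05-10T09:14:21Z auth failure user=admin src=203.0.113.7
2024-05-10T09:14:30Z auth failure user=admin src=203.0.113.7
malformed line that the parser should skip
2024-05-10T09:14:41Z auth failure user=admin src=203.0.113.7
2024-05-10T09:15:03Z auth failure user=admin src=203.0.113.8
2024-05-10T09:16:10Z auth success user=admin src=203.0.113.7
""".splitlines()

if __name__ == "__main__":
    for kind, src, detail in detect(SAMPLE_LOG):
        print(f"[{kind}] {src}: {detail}")
```

The source-based window and the account-based counter are deliberately separate: the first catches one machine trying many passwords, the second catches a password spray spread across sources that will trip the lockout policy on the account. Alice's single success from an unflagged internal address produces nothing, which keeps the alert volume low enough that someone actually reads it.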
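The Backups section asks for rotated drives, regular testing, and a backup that predates the 48-72 hours an infection can go unnoticed. This added example (not itw4's code, nor any backup product's) models those three checks in Python, with in-memory dictionaries standing in for USB drives: a manifest of SHA-256 hashes written at backup time is compared against what is actually on a drive, the rotation dates are checked for a drive that has stopped being rewritten, and the set is checked for an intact backup old enough to sit before the infection window. File contents, dates, the weekly rotation age and the 3-day minimum are constructed assumptions.

```python
"""Backup verification and rotation checks (added example; data and thresholds are constructed)."""
import hashlib
from datetime import date
from typing import Dict, List, Tuple

# From the post: five drives rotated Monday to Friday.
DRIVE_LABELS = ["MON", "TUE", "WED", "THU", "FRI"]
# Assumptions (not from the post): a drive in a weekly rotation should be rewritten
# within 7 days, and because infection can go unnoticed for 48-72 hours you want
# at least one intact backup that is 3 or more days old.
MAX_DRIVE_AGE_DAYS = 7
MIN_CLEAN_AGE_DAYS = 3


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Hashes recorded at backup time; store the manifest with the backup."""
    return {name: sha256(data) for name, data in files.items()}


def verify_backup(files: Dict[str, bytes], manifest: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """Return (missing, corrupt) file names when a drive is compared with its manifest."""
    missing = sorted(n for n in manifest if n not in files)
    corrupt = sorted(n for n, h in manifest.items() if n in files and sha256(files[n]) != h)
    return missing, corrupt


def rotation_problems(last_backup: Dict[str, date], today: date) -> List[str]:
    """Flag drives that were never written or have not been rotated in."""
    problems = []
    for label in DRIVE_LABELS:
        last = last_backup.get(label)
        if last is None:
            problems.append(f"{label}: never backed up")
        elif (today - last).days > MAX_DRIVE_AGE_DAYS:
            problems.append(f"{label}: last backup {(today - last).days} days ago; rotation has stalled")
    return problems


def clean_recovery_point_exists(last_backup: Dict[str, date], intact: Dict[str, bool], today: date) -> bool:
    """True if some drive verified intact holds a backup at least MIN_CLEAN_AGE_DAYS old."""
    return any(
        intact.get(label, False) and (today - last).days >= MIN_CLEAN_AGE_DAYS
        for label, last in last_backup.items()
    )


# Constructed data: the live files, and a drive image where the backup software
# ran but one file was later overwritten (as an encrypting virus would) and one is absent.
SOURCE_FILES = {"accounts.db": b"ledger v42", "docs/contract.pdf": b"%PDF-1.7 constructed", "photos.zip": b"PK constructed"}
MANIFEST = make_manifest(SOURCE_FILES)
MON_DRIVE = {"accounts.db": b"ledger v42", "docs/contract.pdf": b"ENCRYPTED-BY-SAMPLE-VIRUS"}

TODAY = date(2024, 5, 10)
LAST_BACKUP = {"MON": date(2024, 5, 6), "TUE": date(2024, 5, 7), "WED": date(2024, 5, 8),
               "THU": date(2024, 5, 9), "FRI": date(2024, 4, 19)}  # FRI was left in a drawer
INTACT = {"MON": False, "TUE": True, "WED": True, "THU": True, "FRI": True}

if __name__ == "__main__":
    missing, corrupt = verify_backup(MON_DRIVE, MANIFEST)
    print("MON drive missing:", missing, "corrupt:", corrupt)
    for problem in rotation_problems(LAST_BACKUP, TODAY):
        print(problem)
    print("clean recovery point available:", clean_recovery_point_exists(LAST_BACKUP, INTACT, TODAY))
```

The manifest comparison is what "local backup drives should be tested regularly" looks like in practice: a backup job that reports success says nothing about whether the files were intact at the time or have been altered since. The last check is the one that decides whether a rotation of five drives actually helps; if every drive young enough to be trusted has already been overwritten with encrypted data, the rotation has bought nothing.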

If you wish to discuss any aspect of this article, or you want to talk to us about security concerns or support agreements, drop us a line on 0845 519 4425 or use the contact form here: https://itw4.co.uk/contact-us/
