If you work with email on a daily basis, there is no doubt that you have heard of, or have even been affected by, what is called ‘ransomware’. What is ransomware? It is a type of software that performs a malicious act, such as encrypting all of the files on a computer, which renders them inaccessible, and then requests payment in order to reverse the encryption. Once files are encrypted, it is extremely difficult to decrypt and recover them without the use of the encryption keys.
Unfortunately, the teams behind these types of malware are constantly developing new techniques and approaches to deliver their malicious code, which is keeping antivirus vendors on their toes. A recent report from Symantec has indicated that there has been a significant surge in the number of new ransomware families being created over the last several years. There are a number of things that can be done to reduce the potential impact of ransomware. Some of these are:
- User Education – This is the most obvious preventative measure. Ransomware is typically delivered via an email that appears to come from a legitimate source, such as Australia Post or the Office of State Revenue. Users are tricked into clicking a link, which then delivers the ransomware payload and encrypts files. By educating users on how to identify hoax emails, the likelihood of these emails being opened should reduce. Additionally, security initiatives can be introduced where a ‘simulated malware’ email is sent to all users and data is gathered on which users opened the email.
- Enhanced Protection – Stopping the emails from even reaching a user’s inbox is the ideal solution to stopping ransomware. Advances in malware scanning techniques and services have made this a possibility. There are many services now available, with both on-premises and cloud solutions, that will actively scan, open and test email attachments before they are delivered to a user mailbox. These services can also identify misleading URLs in the email body and will rewrite the links before the email is delivered.
- Backup Your Data – In the unfortunate event that your environment is infected with ransomware, the most likely route to recovery is by restoring files to a point in time before the infection. Therefore you must ensure that backups are completing successfully on a regular schedule and are ideally stored in multiple locations.
- Keep things up to date – In what would be considered generally good practice, it is critical to ensure your operating systems are kept up to date with the latest security patches. Where possible you should also keep your applications updated, including anti-virus agents.
- Lock down the environment – Do users have administrative rights on their own machine? By removing this privilege and utilising a consistent standard operating environment (SOE), the chance of harmful applications being run on the network is reduced. In addition, system policies can be introduced that further limit where and when specific applications can be run.
Unfortunately, no environment is impenetrable and mistakes will happen. These steps can help you reduce the likelihood and impact of a ransomware infection; however, it is best to be prepared for the worst and have a recovery plan in place. If you’re feeling uneasy about ransomware getting a hold of your data, get in touch with the team at Starboard IT to put your mind at ease.