Don’t be a Victim of Ransomware - Detect, Protect and Recover

“I don’t know who you are. I don’t know what you want. If you are looking for ransom, I can tell you I don’t have money. But what I do have are a very particular set of skills, skills I have acquired over a very long career. Skills that make me a nightmare for people like you.” – Liam Neeson, Taken, 2008

The last few months have seen two serious and destructive “ransomware” attacks that significantly affected the operations of several major organizations worldwide. May’s “Wannacry” and June’s “NotPetya” attack affected millions of staff and caused significant damage – as was their intention.

Ransomware costs for 2017 are estimated in the billions, with a “B”. Not to mention the danger posed by critical systems being down at organizations such as health systems and nuclear power plants.

The attacks are becoming more frequent and more sophisticated with each incident. We will never be able to stop the criminals from striking, so it is imperative that we use all the skills at our disposal to thwart them. What can we do?

Vigilance is key. Both of the recent attacks could have largely been mitigated by a patch provided by Microsoft in March, two months before the first attack. Unfortunately, several of the victims either simply didn’t apply the patch, or were using outdated/unsupported products that did not allow for this to occur. It can be expensive to keep systems up to date, but the cost of not doing so can be astronomical.

Systems

Ensure that servers and end-user machines are consistently updated for patches and antivirus software updates.
Stop using outdated or unsupported browsers and operating systems
Ensure that your third-party vendors also follow stringent protocols for their networks
- Use a vendor assessment tool to help identify risks
Backup your data – keep copies of your data and replicas of critical servers

As much as we do to keep our technology up to date, every organization has one weak point that cannot ever be fully controlled – people. Human error is a major factor in allowing these attacks to propagate themselves. Train your people to always be on the defensive and follow best practices.

People

Educate employees about “phishing” attempts and the danger of opening unknown links or attachments
Restrict unknown software from being downloaded onto client machines
Train employees to save their data to a shared drive or cloud environment rather than their local machine
- This way, data can be recovered more easily in the event the machine is wiped
Beware of public WiFi networks and avoid if possible
Require strong password protocol to lessen the effect of possibly stolen credentials

Plans

While we work to prevent the threat of an attack, it is also imperative to have a plan in place of what to do in the event the disaster strikes.

Create a business continuity plan specifically for cyber security events
- Define your “mission critical” processes, servers and people so that your teams know exactly who to contact, what to do and how to do it
- Have an alternative communication source available
  - If the email server is down, how will you notify employees of the danger lurking in their laptops or provide status updates
- Have a crisis management strategy in place
  - These types of events can have serious brand impact and the word can spread like wildfire via social media

Being hit with a ransomware attack is a worst-case scenario, but one that can be avoided with proper planning and training. Contact the BC in the Cloud team to learn more about how we can help you learn the skills to prepare for attack.