Turn on CNN or read the headlines of any major news outlet and you’ll be inundated with the buzz around “Ransomware” and updates on cyber security threats around the world. These attacks have compromised companies large and small with no end in sight. While so many companies are being affected by the recent Ransomware attacks, it’s easy to disassociate ourselves from a threat that seems so elusive and distant. The hard truth is that the threat is neither elusive nor distant. At NexusTek, we have the unfortunate experience of local and regional companies, large and small, contacting us for immediate assistance because of a Ransomware infection. But with that experience comes knowledge of how to combat this real threat to your business. (See the bottom of this article for general information about Ransomware.)
What is the magical solution that will prevent a Ransomware attack on your business’ infrastructure? You may not like the answer because it’s going to require quite a bit of preemptive action and dedicated focus within your business’ corporate structure. Let’s be real, we all wish there was a simple solution or some anti-virus software that we can buy to solve this issue, but the simple solutions are not currently realistic when your company’s critical data is in question.
With that being said, let’s dive into the actual solution to Prevent, Mitigate and Respond to the Ransomware threat:
All the analytical folks out there would love a checklist in order to start the discussion of a project that may or may not get prioritized over the next year. The real step that needs to be taken to give your company a fighting chance at preventing the Ransomware threat is to set resources aside to focus on your IT security. That resource is not simply an anti-virus software but a team that can focus on the project to secure your infrastructure in the immediate term and to adapt to the evolution of cyber threats. This team must be specialized and have expertise in handling the Ransomware threat. This is more than book knowledge; experience must exist. Our recommendation is to have a Managed IT Security company, such as NexusTek, partner with you to be your IT Security team.
More Prevention techniques to come in Part 2…
No amount of prevention will reduce the risk to absolute zero. The human factor coupled with ever-changing technology innately puts your business at risk for cyber-attack vulnerabilities. The unfortunate effect of the Ransomware threat is that there is little that can be done once your files are encrypted. You must rely on the full gamut of Business Continuity best practices that will protect the data that keeps your business running. Does that mean that plugging in an external hard drive once a day will save you? Potentially…but the risks associated with that solution are much too high for your business’ most critical data. Your lowest-risk solution is to have a fully automated and managed cloud backup solution that can be spun up in the cloud in case of an emergency and restored within hours, not days…or weeks. A question that is often posed is, “What is the rationale for a managed backup solution if it is automated?” Without diving into the technical rationale, which is substantial, the most basic rationale is quality control. In other words, what is the benefit of having your data backed up if the data is corrupt or missing? A managed solution will catch and correct any anomalies that may arise within your backup set.
More Mitigating tasks to come in Part 2…
Chances are, you will hear about or experience a Ransomware attack in the near future. If your business is compromised by Ransomware, you may have only limited options to recover if you have not taken the recommended prevention and mitigating tactics. Below are some general tasks to carry out if you are infected:
- Isolate the infected computer immediately. Infected systems should be removed from the network as soon as possible to prevent Ransomware from attacking network or share drives.
- Power off affected devices that have not yet been completely corrupted…affording your IT service provider time to contain the event and proceed with backup and recovery processes.
- Paying the ransom should NOT be your first response to an attack. Contact NexusTek to understand your options.
If you’ve been infected by Ransomware before…I’m sure you’re looking at the list above and scoffing because your experience with Ransomware was long and arduous. The reality is, unless your staff has an incredible amount of time and expertise to combat the Ransomware threat, your company will experience tremendous pain following a Ransomware attack. This would be an opportune time to review the “Prevent” and “Mitigate” sections again.
More ways to Respond to come in Part 2…
If you are concerned with your business’ current state of IT Security, please do not hesitate to contact NexusTek to get logical and expert advice on how to Prevent, Mitigate and Respond to cyber threats.
Ransomware General Information
Generally, a user is sent an email or link containing malicious code (phishing emails or communication), and in rare cases (a newer variant) Ransomware can also be delivered via a worm. This is how computers are initially infected. The malicious code executes on the target’s computer and encrypts the contents of the drives connected to the computer and any other detectable network locations with accessible storage. The malicious code, or malware, then communicates with a command and control or HQ server owned by the creator or manipulator of the code. Targets are then extorted with timelines to pay the ransom or risk losing the files. When Ransomware started, it was used on a wide scale, specifically targeting home PCs within a specific demographic, and was never initially intended to make a substantial profit. However, with the massive success of Ransomware and trending cryptocurrencies spiking in price, these packages of malicious code have been specifically crafted and sold to penetrate businesses of all shapes and sizes.