Tip #1: Educate users on security best practices
Education is still the best way to help your business avoid infection by ransomware — or any other form of malware. Make your employees aware of popular social engineering methods and tactics so they don’t fall victim to phishing emails or spoofed messages. It’s particularly helpful to share examples of these kinds of emails and the types of attachments that are often associated with social engineering attempts so that end users know to avoid them. An MSP is well equipped to help deliver this sort of training.
A few security best practices to share with your employees:
- Do not open emails from strange or unfamiliar email addresses
- Do not disable or deactivate antivirus or anti-malware software
- Do not download software from torrent sites — official or direct downloads are preferable
- If you receive an email from a familiar contact that includes an attachment or link, verify separately that the person or organization actually sent you this message
Tip #2: Consistently update operating systems, antivirus and anti-malware software
Most security vendors are constantly working on updates to catch and stop ransomware before it infects your files. If you use antivirus or anti-malware services, be sure you are running the most recent versions of these products and do regular updates. Contact your vendors or your managed service provider to learn more about how they’re defending against ransomware to see if there is any additional protection available.
It’s also important to be sure your operating systems are up to date with the latest security patches, so that known vulnerabilities are not left open as backdoors. These holes are often fixed in the latest patch or update, and hackers prey on companies running out-of-date software, which gives them an easy “in” to the system.
Tip #3: Disable macros in Office documents
Many new ransomware strains trick users into running macros in Microsoft Office programs. Macros automate frequently used tasks, but they also pose a potentially serious security risk. If malicious macros are introduced, the infection starts with one file and quickly spreads. Microsoft Office 2016 automatically disables macros, but if your business is using an older version, an MSP can help you disable them through a GPO (Group Policy Object). [14]
Tip #4: Prevent .exe from running in AppData or LocalAppData folders
Ransomware usually operates within the AppData or LocalAppData folders, so you may be able to prevent the initial malware download from executing by blocking .exe files from running in these folders.
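Before enforcing such a block, it helps to see which launches it would stop, since some legitimate per-user installs also run from these folders. The following is an added example, not part of the original page: it checks process-creation records against the rule, and the event records, the `ExampleVendor` path and the exception list are constructed for illustration.

```python
import ntpath
import re
from collections import Counter

# %AppData% resolves to ...\AppData\Roaming and %LocalAppData% to ...\AppData\Local.
# Other profile folders (for example LocalLow) are outside the rule described above.
PROFILE_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\((?:roaming|local)\\.*)$", re.I)

def would_be_blocked(image_path, exceptions=()):
    """Return True if a deny rule for .exe files under AppData/LocalAppData
    would stop this image. `exceptions` holds lower-case path prefixes,
    relative to the AppData folder, that an allow rule would exempt."""
    path = ntpath.normpath(image_path)   # collapses "..", "/" and doubled separators
    if ntpath.splitext(path)[1].lower() != ".exe":
        return False
    match = PROFILE_RE.match(path)
    if not match:
        return False
    relative = match.group(1).lower()
    return not any(relative.startswith(prefix) for prefix in exceptions)

def audit(events, exceptions=()):
    """Count launches per image that the rule would have blocked."""
    return Counter(ntpath.normpath(e["image"]).lower() for e in events
                   if would_be_blocked(e["image"], exceptions))

# Constructed process-creation records (user and image path only).
SAMPLE_EVENTS = [
    {"user": "alice", "image": r"C:\Users\alice\AppData\Roaming\invoice_scan.exe"},
    {"user": "alice", "image": r"C:\Users\alice\AppData\Local\ExampleVendor\app\updater.exe"},
    {"user": "bob", "image": r"C:\Program Files\ExampleVendor\app.exe"},
    {"user": "bob", "image": r"C:/Users/bob/AppData/Local/Temp/setup.EXE"},
    {"user": "bob", "image": r"C:\Users\bob\AppData\Local\..\..\Documents\tool.exe"},
    {"user": "carol", "image": r"C:\Users\carol\AppData\LocalLow\ExampleVendor\helper.exe"},
]

# Hypothetical allow rule for one known application.
EXCEPTIONS = ("local\\examplevendor\\",)

if __name__ == "__main__":
    for image, count in audit(SAMPLE_EVENTS, EXCEPTIONS).items():
        print(count, image)
```

Anything the audit reports that is not on the exception list is either software that needs an allow rule or a launch worth investigating.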
Tip #5: Set up a cloud-generation firewall
Cybercriminals are releasing new malware variants into the wild at an increasingly fast pace. A cloud-generation firewall can combat numerous threats, and some can even detect zero-day threats before they infiltrate the system. Zero-day exploits are expected to increase from one per week to one per day by 2021, so the threat is growing. [15]
Firewalls help your SMB be proactive about defending against ransomware instead of just reacting to an attack. “Network security is akin to a home alarm system, whereas BDR is like a home owner’s insurance policy that comes into play if something is stolen or damaged,” says Brian Babineau, senior VP and general manager of Barracuda MSP. [16] Thinking of it that way will help you understand the importance of both approaches. Network security, like a cloud-generation firewall, goes hand-in-hand with a comprehensive BDR plan when protecting your business from the most recent ransomware threats.
Tip #6: Back up your data frequently and consistently
Why offsite? Because ransomware infections have been known to infect local drives and network shares that are mapped as a drive letter on the infected computer. [17] That means if you’re using only a local backup solution, there’s little chance of recovery without paying the ransom because your backups will most likely get encrypted as well. Offsite backup is a critical component of a ransomware recovery strategy and should be an integral part of your disaster recovery plan.
- Keep multiple versions of your protected files
Certain cloud backup offerings provide the advantage of sophisticated version histories, which is a critical component to successful restores after a ransomware infection. If you only back up a single version of your files, it’s possible that your software has backed up an infected file. By saving as many revisions as possible, you have a better chance of restoring to a clean version of the data.
- Keep multiple days’ worth of files
Depending on how frequently you perform backups, it’s possible to store multiple versions of a single file, all of which were backed up the same day. But it’s important to also back up several days’ — or even weeks’ — worth of files to ensure maximum protection. By retaining clean backups over days, weeks, or months, you give yourself additional safe restore points, raising the likelihood of a successful restore.
- Frequently test your restores
Your backups are only as good as the restore. Test your restores on a frequent basis to make sure your data is being backed up properly.
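The difference between keeping multiple versions and keeping multiple days' worth of files shows up once an infection goes unnoticed for a day. The following is an added example, not part of the original page: it compares count-based and day-based retention against a constructed backup schedule and a constructed incident time.

```python
from datetime import datetime, timedelta

def keep_last_n(versions, n):
    """Retention by count: keep only the n newest versions of a file."""
    return sorted(versions)[-n:]

def keep_daily(versions, days):
    """Retention by day: keep the newest version from each of the last `days` backup days."""
    newest_per_day = {}
    for v in sorted(versions):
        newest_per_day[v.date()] = v   # a later backup replaces an earlier one from that day
    return [newest_per_day[d] for d in sorted(newest_per_day)[-days:]]

def clean_restore_point(retained, encrypted_at):
    """Newest retained version taken before the file was encrypted, or None if none survives."""
    clean = [v for v in retained if v < encrypted_at]
    return max(clean) if clean else None

# Constructed schedule: backups at 09:00, 13:00 and 17:00 on each of seven days.
START = datetime(2018, 2, 1)
HISTORY = [START + timedelta(days=d, hours=h) for d in range(7) for h in (9, 13, 17)]

# Constructed incident: files encrypted early on day 6, noticed after the last backup on day 7.
ENCRYPTED_AT = datetime(2018, 2, 6, 8, 0)

if __name__ == "__main__":
    for label, retained in (
        ("last 3 versions", keep_last_n(HISTORY, 3)),
        ("last 6 versions", keep_last_n(HISTORY, 6)),
        ("7 daily versions", keep_daily(HISTORY, 7)),
    ):
        print(label, "->", clean_restore_point(retained, ENCRYPTED_AT))
```

With this schedule, three or six retained versions are all copies of the encrypted file, while seven daily versions still include a clean copy from the day before the incident.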
The FBI wants businesses to take ransomware seriously. “Because of the global reach of cybercrime, no single organization, agency, or country can defend against it,” the organization explained in a recent statement about the growing threat of ransomware. [19]
As an SMB, you cannot stop the ransomware epidemic. However, taking the right proactive and reactive measures can help you reduce the likelihood of an attack on your business. No business vertical, large or small, is immune to ransomware attacks, but you can set your business up for success by following best practices and using the right tools to defend against them.
1. Ransomware Damage Report 2017 Edition, Cybersecurityventures.com, Retrieved February 2018.
2. What is ransomware?, Microsoft, Retrieved September 2016.
3. Cryptolocker 2.0 – new version, or copycat?, We Live Security, December 2013.
4. CryptoLocker Ransomware Information Guide and FAQ, Bleeping Computer, October 2013.
5. Malware Protection Center, Microsoft, Image retrieved February 2018.
6. Here Comes Locky, A Brand New Ransomware Threat, Dark Reading, February 2016.
7. Locky now using Embedded RSA Key instead of contacting Command & Control Servers, Bleeping Computer, September 6, 2016.
8. Combatting the ransomware Blitzkrieg, ICIT, April 2016.
9. Cerber Ransomware Has a New Family Member – Cerber3 Has Been Spotted, Virus Guide, August 31, 2016.
10. The Ransomware Meltdown Experts Warned About Is Here, Wired, May 12, 2017.
11. Petya Ransomware Skips the Files and Encrypts Your Hard Drive Instead, BleepingComputer.com, March 25, 2016.
12. The NotPetya Ransomware May Actually Be A Devastating Cyberweapon, Forbes, June 30, 2017.
13. Ransomware 2017 Report, Cybersecurity Insiders, Accessed February 2018.
14. Enable or disable macros in Office documents, Microsoft, Retrieved September 2016.
15. Zero Day Report, Cybersecurity Ventures, Accessed February 2018.
16. 3 Ways to Supercharge Your BDR Offering, Business Solutions Magazine, September 2016.
17. 2016 Vulnerability Review, Flexera Software, March 16, 2016.
18. 2017 State of Cybersecurity in Small & Medium-sized Businesses, Ponemon Institute, September 2017.
19. Cyber Crime, FBI, Retrieved September 2016.