Ransomware: It’s Coming Your Way. What Can You Do?
True story: It’s Saturday afternoon, and the doors have been closed and locked after a busy retail morning. One employee stays late to finish a few orders. He also visits a couple of websites, and at one of them a warning pops up from the anti-malware program installed on his PC. He closes the browser, closes his orders, and heads home for the weekend. Monday morning, the staff discovers all the files on the company’s network have been encrypted. Every attempt to open a file brings up a message: If you want the code to decrypt your files, you have to pay us.
This is ransomware. It’s specially designed malware that locks you out of your PC or data and then demands a ransom in return for getting the code to unlock the PC or data. It can spread from the initial entry point through your entire network, shutting down your business until you pay. Some ransomware pressures you to pay NOW—the longer you wait, says the message, the more you’ll have to pay.
Ransomware comes in hundreds of variants. Opening attacks may not be obvious. Most anti-malware tools provide partial but not complete protection against ransomware. No organization wants to face this kind of digital theft. Take the following four actions to protect your business from faceless, nameless internet criminals.
1. Immediately Pull the PC’s Network Cable and Call IT
Ransomware begins its attacks with an individual machine. No current variants spread immediately through the network. The essential first step for limiting the scope of an attack is to go to the back of your PC and pull the network cable as soon as your anti-malware program warns you (or you suspect) that an attack is possible. After you’ve disconnected your machine from the network, call IT support immediately.
Does everyone in your business know what a network cable looks like? And where to find it fast on his or her machine? And who to contact for immediate IT support?
2. Back Up Every PC with a Drive Image and Store a Copy Off-Site
If ransomware has locked you out of your PC, you’ll need more than file backups to get going again. With a backup that provides a current drive image of your entire drive, you’ll be able to clear the infected drive and restore your operating system, applications, settings, and data from scratch. Only the changes made since the last backup will be missing.
Keep a copy of the drive image off-site—that is, not directly connected to your computer or network—to prevent ransomware from discovering and encrypting the backup.
Use a tool that lets you create daily incremental backups so you process only what’s changed since the previous day. The Windows operating systems for workstations and servers offer built-in imaging tools, or you can buy a product from backup specialists such as Veeam. Ask your IT support provider how to implement this IT best practice in your organization.
3. Control Access to Information Within Your Network
If every employee has access to every folder and every file on a company’s network, a ransomware attack on one PC may lead to the hostile encryption of every file in your system. Control access to information based on what people actually use and you’ll more easily control damage from ransomware. Information that’s not accessible by a user who’s attacked can’t be accessed by the ransomware either.
Controlling access to information takes some planning, but it’s easy to implement within the Windows operating systems. Here’s the basic process: Identify the functional groups within your organization. Identify the information each group uses and where it’s stored, reorganizing the storage structure if needed. Set high-level folder permissions to limit access to only the groups with a need to know.
Again, ask your IT support provider about how to implement this IT best practice in your organization.
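One way to see where that process needs to start, as an added example that is not part of the original article: a PowerShell script that lists the top-level folders where a group containing nearly every user is allowed to write or delete files. The path D:\Shares and the function name Get-BroadWriteAccess are assumptions made for the example.

```powershell
# Added example: audit top-level folders for write access granted to broad groups.
# $Root is a hypothetical path; point it at the folder that holds your shared data.
param([string]$Root = 'D:\Shares')

# Well-known SIDs for groups that contain nearly every user (independent of OS language).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$DomainUsers = '^S-1-5-21-\d+-\d+-\d+-513$'   # Domain Users in any domain

# Rights that let a process overwrite, append to, or delete files.
$Rights = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($Rights::WriteData -bor $Rights::AppendData -bor
                   $Rights::Delete -bor $Rights::DeleteSubdirectoriesAndFiles)
# Generic rights can appear unmapped in an ACE: GENERIC_ALL and GENERIC_WRITE.
$GenericMask = 0x10000000 -bor 0x40000000

function Get-BroadWriteAccess {
    param([Parameter(Mandatory)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($dir in Get-ChildItem -LiteralPath $Path -Directory) {
        $acl = Get-Acl -LiteralPath $dir.FullName
        # Explicit and inherited rules, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $sid = $ace.IdentityReference.Value
            $isBroad = $BroadSids.ContainsKey($sid) -or ($sid -match $DomainUsers)
            $mask = [int]$ace.FileSystemRights
            if ($isBroad -and ($mask -band ($WriteMask -bor $GenericMask))) {
                [pscustomobject]@{
                    Folder    = $dir.FullName
                    Principal = if ($BroadSids[$sid]) { $BroadSids[$sid] } else { 'Domain Users' }
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

Get-BroadWriteAccess -Path $Root | Format-Table -AutoSize
```

Each row is a folder that ransomware running as any ordinary user could encrypt; rows with Inherited set to True are fixed at the parent folder rather than on the folder listed.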
4. Improve Your Mail Filtering by Moving to Cloud-Based Email
Let’s say all your employees have received ransomware-emergency training. You’re doing daily local and off-site drive image backups of your workstations and servers. You’re controlling access to company information with a “need-to-know” policy. There’s still one thing you can do to shield yourself from ransomware criminals: Move your mail to a reputable cloud-based service.
Few small- or medium-sized businesses have the in-house expertise needed to keep a local email server protected from ever-changing security threats. Pay a few dollars per user per month to a large, reputable cloud-based mail provider like Microsoft Office 365 or Google G Suite and let professionals defend your email as well as handle the hardware.
For companies that want to continue self-hosting mail with Microsoft Exchange, Microsoft offers a protective add-on product, Exchange Online Protection.