Ransomware - How to prevent infection

Posted by admin on December 21, 2013

After seeing a post from @JosephRogina (about.me/josephrogina) I thought I should write up a quick list of things you can do to protect your business (or personal) computers from threats such as Ransomware. 

CryptoLocker, and other ransomware, are ramping up this holiday season. Why does the holiday impact infections? Users are sending a lot of mail and packages, so it wouldn't be unexpected to see a message from UPS or FedEx in their inbox. Attackers are using this to write emails that look like a package didn't reach its recipient, or something was wrong with an invoice. Sometimes the attacker puts a link to a site that can infect a computer, and sometimes they simply attach a file that will infect the computer.

Because it's so difficult (currently impossible) to decrypt files once ransomware has encrypted them, the best way to avoid a potentially disastrous situation is to protect yourself from being infected in the first place.

Below is a list of measures you can take to protect your networks:

  • Desktop Antivirus - This seems like a no-brainer, and Windows 8 now comes with Windows Defender (previously Security Essentials) built in. However, when you buy a computer with a free trial of antivirus and let it expire, your computer is left vulnerable. Either remove the trial software or purchase a subscription. Trend Micro, Symantec and Kaspersky are all good protection programs. Some ISPs give their clients free antivirus, so check into that as well.
    • For Small Business and Enterprise protection, Contact Us for details on recommended solutions for your business.
  • Gateway Antivirus - Many small businesses don't know this exists; a gateway antivirus is a service that runs on advanced firewall appliances. It analyzes the data coming into your network and looks for patterns that could be malicious. If malicious code is detected, the firewall either removes the code or blocks the file from being sent to the computer. This prevents the code from ever reaching the PC. A few of the main firewalls that offer this service are SonicWall, WatchGuard and Cisco. Contact Us to get a free quote and more information about securing your network at the perimeter.
  • Confirm with the sender - If you receive a suspicious email, contact the sender directly to confirm they sent it. If you get an email from UPS, your bank, or even a personal contact, call them and ask if it's legitimate before proceeding.
  • Don't click that link! - Avoid clicking on links in emails. Go directly to the webpage by typing in the address.
  • Don't open attachments, even pictures or music - Images, music, zip files and Word documents can all be infected. In fact, attackers can make a file look like a different type of file; for example, an exe file can look like a jpg.
  • Backup, backup, backup, and then backup - If you have important files, they need to be backed up, in more than 1 location. A 3-2-1 approach is a great way to develop a backup plan. 
    • 3 - Copies (A primary copy, which is your working data, and 2 backups)
    • 2 - Different Media Types (Such as Hard Drive and Optical, or 2 separate Hard Drives)
    • 1 - Separate Location (1 of the backup devices should be stored offsite and periodically updated) 
    • Cloud backup services (not syncing services) are a great way to accomplish a different media, and offsite location.
    • Contact Us for help developing your business's backup and disaster recovery plan.
  • Update your software - A lot of malware uses exploits in software to gain access to systems. Java, Flash, Adobe Reader, your web browser, and many more programs are all subject to being exploited for an attack. As software developers find these weaknesses, they patch them and release updates. For the weakness to be fixed on your system, the patches must be installed, so it's critical to keep your software up to date. IT Hub offers a maintenance service to monitor your network's software and keep it patched and up to date, which significantly reduces infections.
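
The "Don't open attachments" item above notes that an exe file can look like a jpg. As an added example (not code from the original post), this Python check shows how a mail filter or helpdesk script could compare an attachment's leading bytes with the type its name claims; it goes slightly beyond the post by also flagging executable and double extensions. The function names, the signature list and the sample inputs are constructed for illustration.

```python
from typing import List, Optional

# Leading "magic" bytes for a few common formats (short illustrative list).
MAGIC = {
    "exe": [b"MZ"],                    # Windows PE executable
    "jpg": [b"\xff\xd8\xff"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "gif": [b"GIF87a", b"GIF89a"],
    "pdf": [b"%PDF-"],
    "zip": [b"PK\x03\x04"],            # also the container for docx/xlsx
}
ALIASES = {"jpeg": "jpg", "docx": "zip", "xlsx": "zip", "scr": "exe"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "zip", "doc", "docx", "mp3"}


def sniff(data: bytes) -> Optional[str]:
    """Return the format whose magic bytes start `data`, or None if unknown."""
    for kind, signatures in MAGIC.items():
        if any(data.startswith(sig) for sig in signatures):
            return kind
    return None


def check_attachment(filename: str, data: bytes) -> List[str]:
    """Return the reasons (possibly none) to quarantine this attachment."""
    reasons = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    claimed, actual = ALIASES.get(ext, ext), sniff(data)
    if actual == "exe" and claimed != "exe":
        reasons.append(f"content is a Windows executable, name claims .{ext}")
    elif claimed in MAGIC and actual != claimed:
        reasons.append(f"content does not match the .{ext} extension")
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable file type .{ext}")
        if len(parts) > 2 and parts[-2] in DECOY_EXTS:
            reasons.append(f"double extension hides .{ext} behind .{parts[-2]}")
    return reasons


if __name__ == "__main__":
    # Constructed sample attachments: (file name, first bytes of the file).
    samples = [
        ("holiday_photo.jpg", b"MZ\x90\x00" + b"\x00" * 16),
        ("invoice.pdf.exe", b"MZ\x90\x00" + b"\x00" * 16),
        ("receipt.pdf", b"%PDF-1.4\n"),
    ]
    for name, head in samples:
        print(name, "->", check_attachment(name, head) or "no findings")
```

A clean result here only means the name and the leading bytes agree; documents and archives that pass can still carry malicious content, so the other measures in the list still apply.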

In conclusion, many people rely heavily on antimalware software alone to protect their networks and computers, but software updates, user education and strict usage policies are all important in preventing infections. Even with all of those measures in place, it's still possible to get infected, so a good backup policy will help prevent data loss.