How to block ransomware
Ransomware is one of the nastiest forms of malware around. That’s saying something. The good news is that it’s actually fairly easy to protect yourself against it. With that in mind, here is a quick guide on how to block ransomware.
Invest in a high-quality anti-malware product with a firewall
These days products that combine anti-malware functionality with a firewall are every bit as effective as separate products. They are, however, generally simpler to install and configure and usually more economical too. It’s usually best to go for a cloud-based product. This is partly because this means that the vendor takes care of the update process. It’s also partly because they place less of a burden on the local devices.
Scareware, as its name suggests, is a straightforward intimidation ploy. It puts frightening messages on the screen to try to trick the victim into calling for help, for which they have to pay. Just have a decent anti-malware program run a scan on the infected device and follow its instructions.
Lockware is a bit more of a pain as it blocks access to the computer itself. Boot into safe mode plus command prompt, restore to a previous time point and then install a decent anti-malware program and have it scan the device just in case.
Develop a robust update process
A robust update process means that all security-related updates are applied promptly to all relevant devices. Of course, for there to be security-related updates, the operating system(s) and applications need to be supported by their developers.
If a developer stops supporting an operating system or application and you want to go on using it, then take it completely offline if possible. If that is not possible, then assume it’s an unsafe place to store data and never allow anything sensitive to touch it, especially not personal data.
Remember that automated backup systems can be indirectly infected with ransomware as can any hardware storage devices left attached to a device.
If you know that managing updates is a weak point in your company, then you need to own the fact and deal with it. Either make sure that in-house resource is made available for the task or contract a managed IT services provider to take care of it for you.
Set rules on how people can use your corporate network
Over the years, it’s become standard for companies to take a relaxed attitude to employees using the company internet connection for personal business, as long as it doesn’t interfere with their work. In the early days of the internet, this was often a major perk. These days, it’s generally just a convenience. Most employees will have their own smartphones and maybe tablets as well, but using a proper computer can be much pleasanter.
Given that most malware is spread through either compromised websites or email attachments, now may be the time to start resetting expectations and stopping or at least limiting the use of the company’s internet connection. If you decide to go down this route, then it’s sensible, as well as polite, to explain to staff what you’re doing and why. It may also be helpful to offer them an alternative, such as a “social” WiFi network and maybe some communal power banks and chargers so they don’t have to worry about running down their battery.
Consider how you manage remote and mobile users
Ideally, all remote and mobile users will connect to the company network over a VPN. In the real world, however, this isn’t as easy as it might sound on paper.
For example, finance departments are unlikely to be happy about buying VPN licenses for employees who rarely work out of the main business location, especially if it’s because they want to do so rather than because they need to do so. By contrast, HR departments are unlikely to be happy about denying employees the option to do so without good reason.
Generally, the pragmatic approach to managing this is to organize VPN access for employees who routinely work remotely or are regularly on the move. For everyone else, you could keep a pool of in-house laptops (or even decent tablets, possibly with external keyboards) equipped with VPNs for occasional use. Alternatively, you could consider just insisting that people use a paid connection (i.e. not free WiFi) and possibly limit their access.
Remember that a backup is your last line of defense against ransomware
In theory, you may be able to find publicly-accessible keys to decrypt files after ransomware attacks. In practice, if it were that easy, ransomware attacks would stop. The fact is that you will need a fairly large dose of luck for this to succeed and luck is not a strategy. An effective data backup system, by contrast, is definitely a strategy and it’s one you should be implementing anyway.
An effective data backup strategy requires having three copies of your data over two media (clouds) with one copy being kept off-site (in a different cloud). Additionally, any sensitive data should be stored encrypted and these days any personal data absolutely must be stored encrypted. This won’t stop ransomware, but it will stop the attackers from stealing your data as well!
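The three-copies, two-media, one-off-site rule above, together with the earlier warning that attached storage and automated backup systems can be infected too, can be checked mechanically against a backup inventory. The following is an added example, not part of the original article; the Copy fields, the finding codes and both sample inventories are assumptions made for illustration, and the live data is counted as one of the three copies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    medium: str            # storage medium or cloud the copy lives on
    offsite: bool          # kept away from the primary site (or in a different cloud)
    encrypted: bool        # encrypted at rest
    always_attached: bool  # permanently mounted on / reachable from the protected device

def audit(copies, sensitive=True):
    """Return (code, message) findings; an empty list means the plan passes."""
    findings = []
    if len(copies) < 3:
        findings.append(("COPIES", f"{len(copies)} copies listed, 3 required"))
    if len({c.medium for c in copies}) < 2:
        findings.append(("MEDIA", "all copies share one medium, 2 required"))
    if not any(c.offsite for c in copies):
        findings.append(("OFFSITE", "no copy is kept off-site"))
    if sensitive:
        # Sensitive and personal data must be encrypted in every copy.
        for c in copies:
            if not c.encrypted:
                findings.append(("UNENCRYPTED", f"{c.name} is stored unencrypted"))
    # Storage left attached can be encrypted along with the device itself,
    # so at least one copy has to be out of the device's reach.
    if all(c.always_attached for c in copies):
        findings.append(("ATTACHED", "every copy stays attached, so ransomware "
                         "on the device can reach all of them"))
    return findings

# Constructed sample inventories (hypothetical names, not from the article).
WEAK_PLAN = [
    Copy("live-fileserver", "local-disk", False, False, True),
    Copy("usb-drive-left-plugged-in", "local-disk", False, False, True),
]
SOUND_PLAN = [
    Copy("live-fileserver", "local-disk", False, True, True),
    Copy("nas-nightly", "nas", False, True, True),
    Copy("cloud-weekly", "cloud", True, True, False),
]

if __name__ == "__main__":
    for label, plan in (("weak", WEAK_PLAN), ("sound", SOUND_PLAN)):
        print(label, audit(plan) or "passes")
```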