The WSJournal reports today of a municipality that is battling ransomware with an AI-enabled alert system. The account prompted Financialish to dig out some free practical advice for our readers on how to protect and preserve your firm’s computers and files from ransomware attacks. 

WHAT IS RANSOMWARE?    Ransomware is a sophisticated piece of malware that blocks the victim’s access to his/her files. The 2 most common types of ransomware in circulation are, as follows:

• Encrypting ransomware, the most widespread type of ransomware and most worrisome cyber threat at the moment, incorporates advanced encryption algorithms. It’s designed to block system files and demand payment to provide the victim with the key that can decrypt the blocked content. Examples include CryptoLocker, Locky, CrytpoWall and more.

• Locker ransomware locks the victim out of the operating system, making it impossible to access the desktop and any apps or files. The files are not encrypted in this case, but the attackers still ask for a ransom to unlock the infected computer. Examples include the police-themed ransomware or Winlocker.

HOW BUSINESSES CAN BEST DEFEND AGAINST RANSOMWARE ATTACKS.    Financialish found helpful article from Digital Guardian that offers contributions from 44 security experts – starting with Tim Bando, Digital Guardian's own Director of Cybersecurity.

After reading Mr. Bando's suggestions, click the link below to continue reading.

"Not a week goes by now where we don’t see a barrage of ransomware related headlines..."

Where an organization, hospital, or business had to cough up a fairly large sum of money to decrypt files that became a victim of the incessant malware. Readers of these headlines will scratch their head in puzzlement as to why anyone would even pay, until of course they're faced with this scenario themselves. The first question that always comes to mind is, "How could we have prevented this?" There are multiple steps that can be taken to defend the enterprise against this species of malware and like anything in cybersecurity, a layered approach is always best.

1. Ensure antivirus is installed and up to date across all endpoints within the business. Keep in mind, AV is based on signatures so new variants may and will slip through the cracks, but this could easily be a first line of defense. Additionally, it’s best to have a multi-faceted security solution that employs additional protective technologies such as heuristics, firewalls, behavioral-based threat prevention, etc. Digital Guardian offers an ‘Advanced Threat Prevention’ module that contains a suite of protection rules against ransomware based on how it behaviorally interacts on the operating system.

2. Establish security awareness campaigns that stress the avoidance of clicking on links and attachments in email. I literally ask myself these questions when receiving an email message with a link or an attached file: 1) Do I know the sender? 2) Do I really need to open that file or go to that link? 3) Did I really order something from FedEx?? Phishing is a common entrance vector for ransomware and because most end users never think twice, it’s extremely successful.

3. Backup the data. There are a ton of options here, from backing up to cloud providers to local storage devices or even network attached drives, but each comes with a certain level of risk. It’s imperative to remove the external storage device once a backup has been taken so that if ransomware does infect the computer, it won’t be able to touch the backup.

4. GPO restrictions are an easy and affordable method for restricting not only ransomware, but malware in general from installing. GPO has the ability to provide granular control over the execution of files on an endpoint, so adding rules that block activity such as files executing from the ‘Appdata’ directory or even disabling the ability for executables to run from attachments.

5. Patching commonly exploited third party software such as Java, Flash, and Adobe will undoubtedly prevent many of these types of attacks from even being successful in the first place.

6. Restrict administrative rights on endpoints. I know this is of course a highly political and even cultural request to make, however reducing privileges will reduce the attack surface significantly. End users shouldn’t be downloading and installing games anyway, right?

Ransomware has significantly evolved over the years since it was first introduced back in 1989 as the ‘PC Cyborg’ Trojan and the user had to pay around $189 dollars to repair their computer. Fast forward 20+ years and we’ve seen a myriad of different types of specimens leveraging varying techniques in an effort for the authors or distributors to get paid. With no clear end in sight, we will continue to see these types of attacks, so tightening up the security belt and locking down our PCs is the wisest thing we could do in order to protect what matters most on these devices: the DATA!