Your how-to guide for protecting yourself against malware.
With the advent of information technology and the internet came an almost limitless potential for technological advancement and improvements in business efficiency. Unfortunately, there are two sides to every story. Rapid advancements in technology and in how we use the internet have also been accompanied by a host of dangers any internet user would do well to be wary of. These include malware such as ransomware. Read on to find out some useful tips on how to protect yourself against this malware and limit the risk of losing access to your data.
What is ransomware?
Malware is a type of software that is specifically designed to gain access to or damage your data without your knowledge. Ransomware, in particular, is a type of malware that prevents users from accessing data by locking either the system’s screen or its files. In order to regain access, a ransom has to be paid.
More modern versions of ransomware, collectively classified as crypto-ransomware, encrypt certain files, forcing users to make online payments in order to get a decryption key and restore access to their system.
The consequences of becoming a victim of crypto-ransomware and not having the necessary safeguards and mitigation strategies in place are significant. Where small businesses are concerned, such an attack could mean the end of your business.
All is not lost, however: there are precautions every user can take to limit their exposure to this malware.
- Use and implement proven multi-vector endpoint security
Your first line of defence is the security system you have in place. It is critical that it offers multidimensional protection and prevention against malware, quickly recognising external threats and any suspicious behaviour. A next-generation endpoint security solution is recommended, offering protection beyond file-based threats.
- Prepare for the worst case scenario with robust backup
While next-generation endpoint security is important for your system’s security regime, it is not completely fail-proof, and systems can still fall prey to crypto-ransomware infections. Ensure you have comprehensive backup together with a business continuity plan that will allow you to restore data and minimise business downtime. This entails more than just your standard backing up to an external drive. It should include backups located in at least three different locations:
- Main storage area (file server)
- Local disk backup
- Mirrors in a cloud business continuity service
- Keep Windows updated
While occasionally tedious, keeping Windows up to date will ensure that a number of infections are instantly ruled out. In addition, you can reduce workload by putting in place a patching routine – a security fundamental.
- Keep all plug-ins up to date
Keeping all third-party plug-ins updated to their latest build lessens the likelihood of being exploited by ransomware.
- Use a modern browser with an ad blocking plugin
Modern browsers like Chrome and Firefox are constantly being updated to offer more robust protection. They also give the option to add plug-ins that will make you more secure. Even simply having a pop-up blocker running can offer some protection.
- Disable autorun
Autorun is convenient; however, it helps malware spread across a corporate environment. Disabling autorun as a policy will bolster your system’s security.
- Disable Windows Scripting Host
VBS files are Microsoft scripts that malware authors use either to disrupt an environment or to run a process that will download more advanced malware. Disable them completely by disabling the Windows Scripting Host engine.
- Have users run as limited users and NOT admins
This is critical because some current ransomware threats are capable of browsing and encrypting data on any mapped drives that an end user has access to. Therefore, restricting the user permissions for the share or the underlying file system of a mapped drive will limit ransomware’s scope for encryption.
- Show hidden file extensions
One way ransomware like CryptoLocker and others frequently arrives is in a file named with the extension ‘.PDF.EXE’ or something similar. If full file extensions are visible, such files will be easier to spot and remove accordingly.
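An added example (not part of the original guide) for the "Disable autorun", "Disable Windows Scripting Host" and "Show hidden file extensions" items above: a PowerShell check of the registry values that back those three settings. The function name and the settings table are this example's own, and in a domain the same values may be managed by Group Policy, which overrides local changes.

```powershell
# Added example: audit (and with -Apply, set) three registry-backed settings.
# Run elevated to write the HKLM values; HideFileExt is per-user (HKCU).
$settings = @(
    @{ Item = 'Autorun disabled for all drive types'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'; Want = 255 },   # 0xFF covers every drive type
    @{ Item = 'Windows Script Host disabled'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
       Name = 'Enabled'; Want = 0 },
    @{ Item = 'Known file extensions shown'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Name = 'HideFileExt'; Want = 0 }
)

function Test-HardeningSetting {
    param(
        [Parameter(Mandatory)] [hashtable] $Setting,
        [switch] $Apply
    )
    # A missing key or value yields $null, which counts as non-compliant.
    $prop = Get-ItemProperty -Path $Setting.Path -Name $Setting.Name -ErrorAction SilentlyContinue
    $current = if ($prop) { $prop.($Setting.Name) } else { $null }
    # Compare as strings: the WSH value may be stored as REG_SZ or REG_DWORD.
    $ok = ($null -ne $current) -and ("$current" -eq "$($Setting.Want)")

    if (-not $ok -and $Apply) {
        if (-not (Test-Path -Path $Setting.Path)) {
            New-Item -Path $Setting.Path -Force | Out-Null
        }
        Set-ItemProperty -Path $Setting.Path -Name $Setting.Name -Value $Setting.Want -Type DWord
        $current = $Setting.Want
        $ok = $true
    }
    [pscustomobject]@{ Item = $Setting.Item; Current = $current; Compliant = $ok }
}

# Audit only; add -Apply to the call below to write the desired values.
$settings | ForEach-Object { Test-HardeningSetting -Setting $_ } | Format-Table -AutoSize
```

Disabling Windows Script Host also stops legitimate .vbs and .js logon or maintenance scripts, so audit first and apply once those have been accounted for.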
Coping with infections
Don’t worry if your organisation has unfortunately already been infected. Take the following steps to limit the damage done to your systems:
- Isolate the PC(s) immediately to stop further infection.
- Do not begin the re-imaging process until the infection is categorised.
- Contact the endpoint security vendor’s support staff to assist you with completely removing the infection.
- Check if user data was encrypted as soon as possible.
- Alert other employees if this was a targeted attack, or about the threat vector, if appropriate.
We hope you have found this brief guide useful and will adopt some of these precautions and general tips to protect yourself and your business from online extortion.
Solutions I.T. has been providing Western Australian organisations with a comprehensive range of IT solutions since 1999. Our strict adherence to industry best practice ensures our clients are granted access to the most effective solutions available. For premium IT services, the best-fit technology and excellent customer support, contact our friendly team today.