How can I get rid of ransomware? Good question!
As we usher in the new year of 2018, we are confronted with an ever-expanding network-borne threat landscape, especially from ransomware. Ransomware is a type of malicious software used by malicious actors to encrypt systems or data. When the ransom is paid, the key is, in some cases, provided to unlock the data. In some cases, after initial infection, ransomware will attempt to spread laterally to shared storage or accessible devices.
No segment of our economy is more acutely aware of this fact than small and medium-sized businesses. Recently my team was presented with the opportunity to assist a small business which had been hit by ransomware; working with them, two key lessons were distilled from the experience:
- Small/medium businesses are highly susceptible to ransomware or internet schemes.
- Cost-effective processes and technology options for confronting these threats are lacking or absent.
Working with the team in Texas rekindled my memories of my own family’s roots in a small town. My family is from Ashland Alabama (population 1,971) which is pictured below and serves as the inspiration for the Main Street Cybersecurity series.
Courthouse, Ashland Alabama, circa 1970s
Ransomware poses one of the most significant threats to small and medium-sized businesses across the nation and the globe. In a variety of polls, ransomware consistently ranked as one of the top five concerns for Chief Information Security Officers (CISOs) for 2017. Using input from my team coupled with other industry professionals, we compiled these Top Ten Cost Effective Solutions for confronting ransomware:
- Back up your data, and ensure you can restore it – Organizational backups are essential to ensuring that in the event of ransomware you have options: restoring is always preferable to paying ransomware merchants. Ensure that backups are separate, protected, and available so that they can be called upon to “save the day” at a moment’s notice. Practice disaster recovery on a regular (quarterly) basis.
- Prevent global write access to shared network drives – Modern malware has a nasty tendency to move laterally across networks using mapped drives. Small/medium-sized businesses are often creatures of evolution, not design, which exposes them to harm. When a small business has a central server, ensure that connected desktops cannot write to the server drives. In the event of an infection of a desktop, this will ensure that malware cannot propagate across the network.
- Migrate to cloud-based email – Whenever economical, ensure that your business is using Cloud Based Email to optimize ransomware blocking. Most Cloud Based Email solutions will ensure that SPAM filters with updated lists are being run against incoming traffic. We recommend G-Suite by Google.
- Limit users’ ability to run untrusted executables – Implement Software Restriction Policies to ensure that compression applications or browsers cannot execute programs from cache or temporary file locations (example: downloads).
- Train your workforce on good browsing/email habits – No matter how small or large the organization, emphasize to the workforce the importance of vigilance when it comes to browsing habits and, more importantly, email. Provide a checklist to consult when handling email. Both training and published materials inform and educate the workforce about the threat posed by ransomware.
- Secure Microsoft Office products – Trust no one! Disable all macros in the “trust center” of Microsoft Outlook.
- Use an anti-malware DNS provider – Quad9.net is a free DNS service that will not resolve known malware/ransomware sites. Configure your workstations to use this service instead of the ISP-provided DNS server. Point your DNS at the IP: 9.9.9.9
- Stop Weaponized SPAM – Weaponized SPAM consists of well-crafted emails that malicious entities send to victims to entice the user to click on a link which delivers malware or ransomware. SPAM-reduction software, often referred to as “SPAM Killers”, is commonplace in the market. Some of these solutions are baked into products such as Microsoft Outlook; others offer integration patterns to protect existing mail server solutions.
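The Software Restriction Policy item above says to block launches from cache and temporary locations without showing how. The script below is an added example, not code from the original article or from Release 2 Innovation; it writes local SRP path rules into the registry keys that the Local Security Policy snap-in uses. It assumes a standalone or workgroup Windows 10 workstation where no domain Group Policy overrides SRP, and the blocked folder list is a constructed starting point for you to adjust.

```powershell
# Added example (not from the original article): local Software Restriction Policy
# path rules that stop programs launching from user-writable staging folders.
# Assumption: workgroup Windows 10 host, no domain GPO managing SRP. Run elevated.

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Folders where browsers, mail clients and archive tools drop downloaded or
# extracted files. Stored as REG_EXPAND_SZ so per-user variables expand at logon.
# %TEMP% is also used by legitimate MSI installers; add Unrestricted exceptions
# under "$base\262144\Paths" for any installer you rely on before rolling out.
$blockedPaths = @(
    '%USERPROFILE%\Downloads\*',
    '%TEMP%\*',
    '%LOCALAPPDATA%\Microsoft\Windows\INetCache\*'
)

# Policy-wide settings; values mirror what the Local Security Policy UI writes.
New-Item -Path $base -Force | Out-Null
Set-ItemProperty -Path $base -Name DefaultLevel       -Type DWord -Value 0x40000  # Unrestricted by default
Set-ItemProperty -Path $base -Name TransparentEnabled -Type DWord -Value 1        # enforce for executables, skip DLLs
Set-ItemProperty -Path $base -Name PolicyScope        -Type DWord -Value 1        # all users except local administrators
Set-ItemProperty -Path $base -Name ExecutableTypes    -Type MultiString -Value @(
    'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA',
    'INF','INS','ISP','JS','JSE','LNK','MDB','MDE','MSC','MSI','MSP','MST',
    'OCX','PCD','PIF','PS1','REG','SCR','SHS','URL','VB','VBE','VBS','WSC','WSF','WSH')

# Security level 0 means Disallowed. Each path rule is a GUID-named subkey.
$disallowed = Join-Path $base '0\Paths'
New-Item -Path $disallowed -Force | Out-Null
foreach ($p in $blockedPaths) {
    $rule = Join-Path $disallowed ('{' + [guid]::NewGuid().ToString() + '}')
    New-Item -Path $rule -Force | Out-Null
    Set-ItemProperty -Path $rule -Name ItemData    -Type ExpandString -Value $p
    Set-ItemProperty -Path $rule -Name SaferFlags  -Type DWord        -Value 0
    Set-ItemProperty -Path $rule -Name Description -Type String       -Value 'Block launch from staging folder'
}

# Verify: print every Disallowed path rule now present on this workstation.
Get-ChildItem -Path $disallowed | ForEach-Object {
    (Get-ItemProperty -Path $_.PSPath).ItemData
}
```

New rules apply to processes started after the script runs; to confirm enforcement, copy a harmless signed program such as notepad.exe into Downloads and check that Windows refuses to start it while the original in System32 still runs.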
Please follow the Main Street Cybersecurity series and thank you to the contributors who assembled this article and those who protect this great nation we live in.
Please note that my views are my own and not those of my team or my clients; I am the Founder of Release 2 Innovation (www.r2i-llc.com), which delivers a variety of products and services across the Computer Network Defense and Data Science domains. My gratitude to my team, our home town, and my family who make us what we are today. Follow us on Twitter at @Release2I.