In our TOTW of 19 December 2013, we predicted that 2014 would see an upsurge in Ransomware events.
Ransomware is software that typically encrypts your files and gives you three days to pay a ransom for the key that decrypts them. The main offender is still the now infamous Cryptolocker. It does not exploit a Windows bug at all: it calls the standard Windows cryptographic API, running with the privileges of the logged-in user, to very stealthily and nastily encrypt all images, spreadsheets, documents etc. to which the infected machine has access. Each file is encrypted with a fresh key, and that key is locked with an RSA public key whose private half never leaves the attackers' server, which is why the files cannot be recovered without either paying or restoring from backup. "Everything the machine has access to" means every file on the local disks and on every mapped or shared drive the user can write to. NIGHTMARE!
This week it was announced that an American law firm (Goodson's in Charlotte, North Carolina) has lost all of its legal documents to Cryptolocker, after deciding to pay the ransom too late. Our best wishes are with their IT team for a speedy resolution.
Cryptolocker and other (nasty, nasty) ransomware variants have two typical routes in (attack vectors, if you want to sound like a pro). These are via email attachments, typically a zip file containing an executable dressed up as a PDF or invoice, or via a machine that is already part of a botnet and is handed the ransomware as a second-stage payload.
User education is key to preventing infection by email. It is imperative that you and your users take care with attachments, especially archives containing executables, from people you do not know or trust.
The botnet route is much harder to detect, and defending against it requires the following as a bare minimum:
- Make sure you have a current backup of all your data, held offline or on storage the infected user account cannot write to (Cryptolocker encrypts any backup share it can reach, which is no backup at all)
- Remove administrative privileges where they are not needed, including local admin
- Make sure your systems are patched
- Ensure your anti virus is up to date and ACTIVE
- Review access control to network shared data
Beyond these essential steps, ITC can assist with deploying and managing technology to identify Botnets ‘in flight’. We integrate a number of technologies, managed under our NetSure360° platform, which can:
- Identify traffic to and from botnet command and control servers on the internet
- Identify machines on the network both corporate and ‘bring your own’ that do not have up to date, ACTIVE antivirus and enforce remediation or bar them from the network
- Identify machines that are behaving suspiciously (multiple file open requests for instance!) on the network and bar them from the network
- Make sure your systems are patched, both corporate and ‘bring your own’ and enforce remediation or bar them from the network
- Identify the unsuccessful and successful use of privileged accounts
- And much more!
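As an added illustration of the "behaving suspiciously" check in the list above: this is example code written for this page, not code from the NetSure360° platform or from the original post. It assumes a file-server audit feed in the hypothetical form `<ISO timestamp> <client host> <ACTION> <path>` (the sample lines are constructed, not real data), and it counts, per client host, how many distinct files were written or renamed in a sliding one-minute window. A workstation that rewrites dozens of documents on a share in under a minute is behaving like Cryptolocker, while a host that merely reads many files, or saves the same document repeatedly, is not flagged. The window and threshold are assumed values to be tuned against your own baseline.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Detection parameters (assumed values; tune to your own file-server baseline).
WINDOW = timedelta(seconds=60)   # sliding window per client host
THRESHOLD = 40                   # distinct files written/renamed in WINDOW -> alert
NOISY_ACTIONS = {"WRITE", "RENAME"}


def parse_line(line):
    """Parse one hypothetical audit line: '<ISO timestamp> <host> <ACTION> <path>'.
    maxsplit=3 keeps paths containing spaces intact."""
    ts, host, action, path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), host, action, path


def detect_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return one (host, timestamp, distinct_file_count) alert per host whose
    distinct write/rename count inside any sliding window reaches the threshold."""
    recent = defaultdict(deque)   # host -> deque of (ts, path) inside the window
    alerted = set()
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, host, action, path = parse_line(line)
        if action not in NOISY_ACTIONS:  # reads are normal user behaviour
            continue
        q = recent[host]
        q.append((ts, path))
        while q and ts - q[0][0] > window:   # evict events older than the window
            q.popleft()
        distinct = len({p for _, p in q})    # repeated saves of one file count once
        if distinct >= threshold and host not in alerted:
            alerted.add(host)
            alerts.append((host, ts, distinct))
    return alerts


def constructed_log():
    """Constructed sample audit lines (not real data): a quiet workstation, a
    read-heavy but harmless host, and one that rewrites 60 documents in 30 s."""
    t0 = datetime(2014, 1, 24, 9, 0, 0)
    lines = []
    for i in range(10):    # WS-FIN-07: a handful of edits spread over 20 minutes
        lines.append(f"{(t0 + timedelta(minutes=2 * i)).isoformat()} WS-FIN-07 WRITE "
                     f"\\\\fs01\\shared\\finance\\report-{i}.docx")
    for i in range(100):   # WS-IT-01: opens many files but writes none
        lines.append(f"{(t0 + timedelta(seconds=i)).isoformat()} WS-IT-01 READ "
                     f"\\\\fs01\\shared\\it\\inventory-{i}.xlsx")
    for i in range(60):    # WS-HR-03: ransomware-style burst, one file every 0.5 s
        lines.append(f"{(t0 + timedelta(seconds=i / 2)).isoformat()} WS-HR-03 WRITE "
                     f"\\\\fs01\\shared\\hr\\contract-{i}.docx")
    # Deliver them in timestamp order, as a log collector would.
    lines.sort(key=lambda l: parse_line(l)[0])
    return lines


if __name__ == "__main__":
    for host, ts, count in detect_bursts(constructed_log()):
        print(f"ALERT {ts.isoformat()} {host}: {count} distinct files written in {WINDOW}")
```

Against the constructed log only WS-HR-03 is flagged, at its 40th write, 19.5 seconds into the burst; the finance workstation and the read-heavy IT host stay quiet. In production the alert would feed the network access control that quarantines the host, which is the "bar them from the network" step in the list.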
The question that must be addressed is clearly 'to pay or not to pay'. The answer to us is obvious: don't pay if you don't have to. You won't have to if you have a plan, and we can help you to build, implement and execute one.
If you don’t have to pay, Ransomware becomes Vapourware, and that is A Very Good Thing for all of us.
If you would like to discuss any of these issues or anything at all about secure networking, please contact us on: 020 7517 3900 or email [email protected]