The best way to protect yourself, your users and your business against ransomware is by setting up a proactive defence.
The ransomware statistics paint a frightening picture for anyone in charge of IT:
In Q3 2016 alone, 18 million new malware samples were captured.
Source: Panda Labs
What that means is that the criminals aren’t stopping; they are only getting more aggressive in their attacks and creating new strains to trap victims. This also means that it’s becoming increasingly difficult for your antivirus or other layers of protection to keep up and prevent the malware from entering your network.
More than 4,000 ransomware attacks have occurred every day since the beginning of 2016.
Source: Computer Crime and Intellectual Property Section (CCIPS)
One in five small and medium-sized businesses that paid the ransom never got their data back.
Unfortunately, paying the ransom is no guarantee of getting your files back, which makes it even more important to set up a contingency plan and perimeters of protection, and to educate your users.
Most ransomware demands in 2016 averaged around $300, although some were charged – and paid – a great deal more. For example:
One of the most notorious examples of a ransomware attack took place in March when criminals locked down the computers of the Hollywood Presbyterian Medical Center in Los Angeles until the hospital paid $17,000.
Hosted desktop and cloud provider VESK paid nearly $23,000 in ransom to recover access to one of its systems following an attack in September.
No IT Manager wants to be faced with this scenario. Your core responsibilities include protecting the data stored on user devices, and preventing any malware attacks. Can you imagine if your business was held to Ransom for an amount anything like the above because you hadn’t planned and protected yourself against an attack? Or if your users paid the Ransom, and then lost all their files anyway because you hadn’t effectively implemented the correct safeguards?
Protecting your business against Ransomware is one of the core job functions of IT Managers, CIOs and CSOs in 2017.
8 Simple Steps: How to Protect Your Company & Users Against Ransomware
1. Implement Secure, Automated Endpoint Backups
Ransomware targets data stored on endpoint devices such as laptops and desktops. It exploits the fact that a huge number of individuals and businesses do not have adequate backup policies and systems in place, so their critical data exists solely on these end-user devices, with no backup copy.
The most vital part of your Ransomware protection policy is that it has to include an effective, secure backup system that automatically backs up user data according to your centrally set policies on a daily basis.
Without an effective solution in place that automatically backs up end-user laptop and desktop data, all your data is vulnerable. Microsoft states that the best advice for prevention is to ensure company-confidential, sensitive, or important files are “securely backed up in a remote, un-connected backup or storage facility.”
Your backup solution needs to be built for business, and can’t be substituted by employing a simple cloud file sharing service like Dropbox. If you have your Dropbox folder mapped locally, the Ransomware can encrypt your Dropbox files as well.
When you have a reliable backup solution in place, you can ignore the Ransomware threat completely as it’s quick and easy to restore an unencrypted version of the user’s files.
Ensuring that people are able to keep working with little to no disruption is key in effectively protecting against extortion attempts, as it gives IT the freedom to ignore the threat and wipe the device and restore the unencrypted data, or give the user a temporary new device with their data migrated to it.
2. Ensure This Solution Includes Secure Local File Encryption
Local File Encryption should be a given feature included with your Endpoint Data Protection solution, and it’s another Ransomware data leakage protection must-have.
Local data encryption protects data stored on laptops or desktops from being accessed by unauthorised users. This is an essential data protection method against Leakware or Doxware: in most cases it stops the malware from being able to access the data, which eliminates the risk of the data being leaked.
IT needs to manage the threat of confidential business, staff and personal files being leaked online. Employing a data protection solution with built-in local file encryption is a vital step.
3. Make Sure You Can Remotely Wipe User Machines
Data wiping functionalities are crucial in dealing with malware attacks. Tools that are specifically built to wipe data remotely from a central location give the IT Department ultimate control in the event of a Ransomware attack.
This is especially useful for users who work remotely: a remote wipe feature enables IT to forensically wipe a device regardless of where the user is. Once the device is wiped, the safe and unencrypted backed-up version of the user’s data can be restored to the device and the user can continue working. No ransom required.
4. Show hidden file extensions
Ransomware frequently arrives as a disguised file, where the file name ends in a double extension such as “.PDF.EXE”, relying on Windows’ default behaviour of hiding known file extensions. You can make disguised malicious files easier to detect by re-enabling the ability to see the full file extension.
Read the Microsoft Instructions here
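The check below is an added example, not part of the original article: it flags file names of the “.PDF.EXE” kind described above and reports what a user would see while extensions are hidden. The two extension lists and the sample file names are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Extensions Windows runs or hands to a script host on double-click.
# Illustrative list assumed for this example, not exhaustive.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif",
                   ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
# Harmless-looking extensions used as the visible "decoy" part (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
              ".txt", ".rtf", ".jpg", ".jpeg", ".png", ".zip"}


def name_shown_when_hidden(filename: str) -> str:
    """Name displayed when 'hide extensions for known file types' is on."""
    p = PureWindowsPath(filename)
    return p.stem if p.suffix else p.name


def is_disguised_executable(filename: str) -> bool:
    """True when the real (last) extension is executable and the one before
    it looks like a document type, e.g. 'Invoice.PDF.EXE'."""
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    if len(suffixes) < 2:
        return False  # a plain 'setup.exe' is not disguised
    return suffixes[-1] in EXECUTABLE_EXTS and suffixes[-2] in DECOY_EXTS


def triage(filenames):
    """Return (original name, name the user would have seen) for each hit."""
    return [(f, name_shown_when_hidden(f))
            for f in filenames if is_disguised_executable(f)]


# Constructed sample input: names as they might appear in a downloads
# folder listing or a mail gateway attachment log.
SAMPLE = [
    r"C:\Users\alice\Downloads\Invoice_2017.PDF.EXE",
    r"C:\Users\alice\Downloads\report.v2.pdf",
    r"C:\Users\alice\Downloads\setup.exe",
    "holiday.jpg.scr",
    "backup.tar.gz",
    "notes.txt",
]

if __name__ == "__main__":
    for original, shown in triage(SAMPLE):
        print(f"SUSPICIOUS: {original!r} is displayed as {shown!r}")
```

Run over attachment or download listings, this gives IT a list of files to quarantine even on machines where extensions are still hidden.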
5. Keep your Software Up to Date
Malware relies on people or organisations running outdated operating systems and software with known vulnerabilities. Exploit kits then target these vulnerabilities to silently get onto your computer or device.
Regularly updating software can significantly decrease the risk posed by malware in general. You must also ensure your anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.
6. Give your Users Strong Passwords
Weak passwords are a surefire way of inviting in multiple data security issues, including Ransomware. Dominik Samociuk, IT security engineer at Future Processing, states that organisations should never use weak or default passwords and instead rely on a password policy prepared by the CSO (Chief Security Officer) and imposed by IT administration staff.
Strong passwords that are difficult to guess or hack are an integral first defence against Ransomware attacks.
7. Disable Remote Desktop Protocol Unless Necessary
Cryptolocker and some other malware access target computers using Remote Desktop Protocol (RDP), a Windows utility that allows others, usually an IT administrator, to access the desktop remotely. If you do not need RDP, you should disable it to avoid RDP exploits.
Paul Ducklin, senior security advisor at Sophos, told SC Magazine that organisations should also consider enforcing two-factor authentication for all remote logins.
“That means a crook can’t connect to your remote desktop system simply by stealing or guessing a password because there’s a one-time login code he’ll need every time. 2FA doesn’t solve your remote access security problem but it can make attacks much harder for the crooks,” he added.
Read the full article from SCMagazine on how Ransomware uses RDP here
8. Educate Your Users
When it comes to ransomware, user computer behaviour is one of the biggest success factors. If your users don’t know what Ransomware is, what to look out for, or how to handle a Ransomware attack, you’re in trouble.
User Education should include:
- What are ransomware and malware?
- Being aware of malicious emails
- How to recognise a suspicious download or install request
- What to do if their computer becomes infected
For an easy way to educate your users and give them everything they need to be Ransomware Aware, download our free User Ransomware Education Sheet – Single Page PDF / Printable
Cibecs is the best endpoint backup & data protection solution for business. It’s built locally and trusted by thousands of companies worldwide. Cibecs is easy to deploy and manage and equips IT with a single solution for complete end-user data protection. With Cibecs you’ll have total visibility with impressive and intuitive reporting that enables Corporate Governance Compliance.