Ransomware and how to minimize its risks

Posted by on in Information Security

The business impacts of ransomware

Most business users have heard of "malware": malicious software designed to disrupt a business, alter its processes, and so on.  "Ransomware" is a variant of malware which, as the name suggests, is designed to infect a user's system (and potentially any connected networked systems) with code that either locks out access to the data or encrypts it.  The perpetrator then attempts to blackmail the company into paying a "ransom" to regain access to the affected data.  Ransomware is more widely known now, both because of the damage done to organizations and because these organizations were generally doing a reasonable job of protecting their systems.  Ransomware is truly an attack which relies primarily upon 1) untrained or unwary users and 2) poor information technology defenses.

The links below provide good synopses of ransomware and of specific examples such as CryptoLocker and CryptoWall:

https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt-the-fine-line.pdf?ClickID=cqeppqsleevifazv7nenixaskqszxpkskkz

https://www.us-cert.gov/ncas/alerts/TA14-295A

https://www.fbi.gov/news/stories/2015/january/ransomware-on-the-rise/ransomware-on-the-rise

http://money.cnn.com/2016/02/17/technology/hospital-bitcoin-ransom/?iid=EL

http://www.bbc.com/news/technology-35773058

It is worth noting that some of the recommended steps to avoid ransomware focus on software and hardware solutions...but in our experience, the most advanced defenses must be used IN CONJUNCTION WITH proper user training, awareness, and discipline.  Some of the most current advice regarding prevention is offered by Trend Micro, CERT, Sophos, and the FBI.  Interestingly, the FBI has counselled victims in the past to pay the ransom...for the most part, these companies were not going to recover their encrypted data any other way.

To prevent ransomware we strongly recommend the following:

  1. Businesses must train users about the risks of ransomware, what vectors are used to distribute it, and how to respond
  2. Critical systems must be backed up using image-based backups on an hourly or multi-hourly basis
  3. Windows Updates on servers and workstations must be centrally managed and as up-to-date as possible...weekly reporting should reflect any deficiencies
  4. Businesses should use at least one type of content filtering to filter (and report on) web usage of all types, and be set to block malicious content consistent with best practices
  5. Anti-spam should be configured consistent with manufacturers' best practices...these change and should be reviewed at least monthly for configuration changes
  6. Antivirus must be up-to-date, cover ALL devices which are capable of accessing server-based data or other shared data of any type, and configured according to the latest best practices
  7. An organization's IT group must have a disaster recovery (DR) design which accounts for the response scenarios involved with ransomware
  8. Be flexible and understand this threat is changing continuously...adjustments to configurations will be required
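
One way to produce the weekly deficiency report that items 2, 3 and 6 call for, shown as an added example that is not part of the original post. The thresholds, hostnames and inventory fields are assumptions; the sample inventory is constructed and stands in for data exported from your backup, patch-management and antivirus consoles.

```python
from datetime import datetime, timedelta

# Assumed thresholds (not from the article): tune these to your own policy.
MAX_BACKUP_AGE = timedelta(hours=4)   # item 2: "hourly or multi-hourly" image backups
MAX_PATCH_AGE = timedelta(days=35)    # item 3: one monthly patch cycle plus slack
MAX_AV_SIG_AGE = timedelta(days=2)    # item 6: antivirus definitions

# Constructed sample inventory; hostnames and field names are hypothetical.
# None means the console has no record for that device.
INVENTORY = [
    {"host": "FS01", "critical": True, "accesses_shared_data": True,
     "last_image_backup": "2016-03-21T07:10",
     "last_patch_install": "2016-03-10T02:00",
     "av_signatures": "2016-03-21T03:00"},
    {"host": "DC01", "critical": True, "accesses_shared_data": True,
     "last_image_backup": "2016-03-20T22:00",
     "last_patch_install": "2016-01-15T02:00",
     "av_signatures": "2016-03-20T23:00"},
    {"host": "WS17", "critical": False, "accesses_shared_data": True,
     "last_image_backup": None,
     "last_patch_install": "2016-03-09T02:00",
     "av_signatures": None},
]

def _age(now, stamp):
    """Age of an ISO timestamp; a missing value counts as infinitely old."""
    return timedelta.max if stamp is None else now - datetime.fromisoformat(stamp)

def deficiencies(inventory, now):
    """Return {host: [findings]} for devices that fall short of items 2, 3 or 6."""
    report = {}
    for dev in inventory:
        findings = []
        # Item 2 applies to critical systems only.
        if dev["critical"] and _age(now, dev["last_image_backup"]) > MAX_BACKUP_AGE:
            findings.append("image backup stale or missing")
        # Item 3 applies to every server and workstation.
        if _age(now, dev["last_patch_install"]) > MAX_PATCH_AGE:
            findings.append("Windows updates overdue")
        # Item 6 applies to ALL devices that can reach shared data.
        if dev["accesses_shared_data"] and _age(now, dev["av_signatures"]) > MAX_AV_SIG_AGE:
            findings.append("antivirus missing or out of date")
        if findings:
            report[dev["host"]] = findings
    return report

if __name__ == "__main__":
    for host, found in deficiencies(INVENTORY, datetime(2016, 3, 21, 9, 0)).items():
        print(f"{host}: {'; '.join(found)}")
```

Treating a missing record as infinitely old means a device that never reported to a console shows up as a deficiency rather than silently passing.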