The big threat to businesses these days comes in the form of ransomware (a form of malware). The term is very apt for this type of malicious software. It literally holds all your data and files hostage, demanding you pay a ransom in order to unlock your files and regain access to your systems.
This sounds pretty serious, and it should. According to current reported statistics (which unfortunately don’t account for the larger portion of businesses that don’t report these attacks), CryptoLocker and another variant, CryptoWall, have infected more than 625,000 PCs and 5.25 billion files in the past 3 years. One particular attack group extorted an estimated $325 million in the US alone in 2015. This number is just continuing to rise.
Quite simply, this is a scary infection to have, and one we want people to know how to protect themselves against. Like most infections, the best course of action is not necessarily in finding a cure, but rather taking preventative measures.
Here are 7 steps to avoid CryptoLocker infections, and save yourself and your business a lot of money and unwanted headaches.
- Defend Yourself: Your first line of defence against any malicious software is to keep active, up-to-date security software on your computers and networks. Good security software will guard against suspicious activity and in a lot of cases prevent the infection before any damage has been done. At Future Logic we provide Webroot (http://www.webroot.com/au/en/products/whywebroot) as our trusted security product to our customers. *These packages should also be configured and revisited frequently and adjusted as needed.*
- Manage Network Traffic: You should strictly control traffic on your network. Keep in mind that a flat network is particularly vulnerable. Make sure your network is properly zoned and that users can only see and interact with what their respective level of privilege requires.
- Restrict Access: A good rule of thumb is the Rule of Least Privilege. This simply means that users should only have access to what they need to do their work, i.e. give them the least amount of privilege required. Not every user needs unfettered access to your entire network or all devices.
- Use Layers: The importance of layers cannot be overstated. Firewalls and antivirus aren’t enough. For firewalls, you need to consider application layer firewalls and the capability to proxy and reverse proxy. Wherever possible, publish services through reverse proxies to avoid subject-to-subject direct access.
- Practice Safe Security Awareness: Most malware infections are a result of careless behaviour: clicking on suspicious links, opening up phishing emails from unknown senders, visiting potentially harmful websites etc. Users need to be careful and extra-vigilant.
- Backup Everything: Even after all the previous steps, preventative measures are not always enough to stave off these malicious attacks. This is why we recommend running regular backups of your important data and storing them on a cloud-based backup service. At least you’ll have the peace of mind of knowing that your backups can be safely accessed were the originals to be taken hostage.
- Have a Business Continuity Plan in Place: Finally, you need to have a full backup and disaster recovery plan in place. Creating a business continuity plan is a classic hope-for-the-best, plan-for-the-worst contingency, one that might prove invaluable in your worst nightmare should a CryptoLocker infection occur.
A CryptoLocker infection can be devastating, but it doesn’t have to be the end with the right backup and disaster recovery processes in place. Don’t let it get to that point, though. Be vigilant, be aware, and avoid that infection in the first place.