Ransomware infections have become one of the biggest threats faced by computer users in recent years. As an IT professional who has faced a few ransomware attacks head-on, I’ve learned from real-world experience how to deal with them and how to prevent future infections. Here is a list of six steps you can take to protect your company from ransomware:
1. Take time to educate employees:
Education is the best defense in the fight against ransomware. As IT professionals, we can usually spot a fake or spoofed email pretty easily, but the users we support often cannot. It's a good idea to gather some examples of the types of phishing emails users are likely to see and educate them on what to watch out for. Take screenshots of any emails containing ransomware that you have seen come through your email and share them with employees. Cornell University also has a great site that provides examples of phishing emails that may come in handy during ransomware prevention discussions and training sessions. It's also a good idea create a company policy which mandates that employees run any suspicious-looking emails by IT staff before opening attachments.
It's also important to educate IT staff. Helpdesk personnel that handle daily user issues need to know how to identify threats as quickly as possible. Put a plan into place with specific steps so that staff can work quickly when dealing with threats.
2. Backup, backup and backup again:
A high-quality backup strategy is the best way to ensure that you won't have to pay up if your business falls victim to ransomware. And you don't want to get a reputation for paying the ransom because that could make the business a desirable target for future attacks. We use the Volume Shadow Copy Service on our Windows servers; keep a copy of files on a local backup drive; backup our databases and related files to a tape system; and use Carbonite cloud backup to keep 30 days' worth of files stored safely offsite.
3. Block executables:
Block executables from running in user temp folders and other folders such as the common Downloads folder, where ransomware and other viruses are likely to execute from. Most ransomware takes advantage of a user's temporary folders to execute. Users don't generally have access to this folder and don't even know it exists. For companies using Microsoft server software, you can create Group Policies through Active Directory or local system policies for individual computers that can do this for you. There's also software out there, such as CryptoPrevent, that can easily do this for you. Watch this quick video to see CryptoPrevent in action:
4. Lock down open network shares:
Some forms of ransomware will infect an employee's computer and then look for open network shares that can be used to access and encrypt files, causing more damage. Lock down any network shares by focusing on the bare minimum: Employees should only have the Share and Local permissions that they need to do their jobs – and nothing more. Also, remove the Everyone group from Share Permissions and create user groups for specific tasks. You should only allow access to the Shared folder or drive through those groups.
5. Use up-to-date anti-virus software:
Of course, keeping your company's anti-virus software up to date is a must but keep in mind that new ransomware variants often get distributed before antivirus programs can catch up. Having antivirus installed on your email gateway as well on employees' desktops and laptop computers can help to minimize the risk of a system infection. Most anti-virus software suites have options for Heuristic Analysis and if your anti-virus software supports it, this type of scanning technique can often detect some of these new variants before they can do damage.
6. Disable macros:
If possible, disable macros in word processing, document management and other types of software that users typically use. These types of attacks are typically seen in Microsoft Office applications or applications that may work with Office, but they can infect other operating systems as well (such as Office for Mac). Cybercriminals often use macros hidden inside Word or Excel documents that execute silently and downloads the ransomware from a remote server. The user will not know anything suspicious has happened until they get the ransom message on their screens.
Want to learn more? Download Carbonite's Ransomware Preparedness Guide today.