Ransomware isn't going to go away; if anything, it's going to become a greater issue for all organisations. The good news is that awareness is probably at its highest now, with the constant flow of new outbreaks such as the most recent NotPetya attack. Whilst on the surface new outbreaks aren't a good thing, they do help to remind users to be continually vigilant about suspicious emails, web pages, and social requests.
We published a blog straight after the NHS outbreak giving you an overview of what Ransomware is and some best practices for preventing your own infection. All of the advice is still valid so we thought an update and reminder would be relevant with the continued publicity.
What is Ransomware?
Ransomware is a type of malicious software that carries out cryptoviral extortion. This software blocks access to your data until a ransom is paid. Usually a message is displayed requesting payment to unlock the data. As you're probably aware by now, the version that affected the NHS and others was called WannaCry, and the most recent one is named NotPetya.
How do the infections occur?
We probably won't learn a great deal about the original infection, but it's likely that it entered via one of the following means:
- Legacy Systems and Applications – Many old operating systems, both desktop and server, are no longer supported by Microsoft and other vendors and as such receive no patches or security updates. A newer, supported software version that is set up to receive updates would get them, and these updates give very basic protection against flaws in software products. The infection may have taken advantage of these known vulnerabilities and used them to spread throughout the NHS network.
- Poor Patching and Updates – Even where newer software systems are in use, they may not have been patched, or updates may not have been maintained in the correct manner.
- Phishing/Spoof Emails – Many of the attacks we see are delivered via emails carrying links or attachments which can fool the user into taking actions (downloading a file or clicking a link) that may allow the infection to occur.
- Web Browsing – The act of browsing to sites that carry malware and other types of malicious software packages and then allowing these to be downloaded to your machine.
- Targeted Attack - This is an attack aimed at a specific organisation or network, attempting to gain access through what’s called a ‘brute force attack’ and trying to expose security weaknesses.
User Education – It's vital!
One of the most common ways for any type of virus, malware or ransomware to enter a network or individual machine is via user action. This may take the form of clicking a link in an email or browsing to websites that carry malicious software packages.
The best education for users we can pass on is as follows:
- Be aware of what you are opening and browsing to, and look for anything suspicious that doesn’t look right or genuine. Fake LinkedIn connection emails are a common example, and the level of detail and quality of the copy can mean users are easily fooled. Hover your mouse over the link before you click it and the web address you are going to will show up; check it looks genuine.
- Take action! If you see something you are concerned about then report it and get it checked before proceeding.
- Should the worst happen and you get infected, turn the machine off as quickly as possible and get it inspected by an IT professional.
Best Practice IT Security!
It’s not possible to guarantee you won’t ever be infected, but what you can do is follow some best practice advice to help decrease the likelihood of infection.
- Patching - Always ensure your machines are up to date with the latest patches and security fixes from Microsoft (and other vendors).
- Anti-Virus - Ensure you have anti-virus installed on every machine on your network and that it is receiving the latest updates.
- Password Policies – Ensure you have and use complex passwords containing a mixture of letters, numbers and special characters. Ensure passwords are changed regularly. Most importantly, don’t use the same password everywhere.
- Firewalls - Ensure you review all your technology for updates – it’s not only operating systems that go ‘end of life’, your firewall or security appliance may also have stopped receiving updates.
- Administrator Rights – Ensure that these are removed for end users. This limits their ability to install and run new software applications that may be used as a transporter for malicious software.
- Email Filtering – Ensure you don’t allow dangerous emails to reach the user. If the email doesn’t reach the user as it is blocked by the filters then they can’t click on the links!
- Backup, Backup, Backup and Backup! As a method of last resort, you need to ensure your data is secured and backed-up. Avoid storing data on your local machine and holding single copies that could easily be lost.
If you have further questions or would like further information on Ransomware, let us know. If you'd like a FREE review of your organisation's security then click here: http://www.mirus-it.co.uk/it-security-assessment