How to Prevent Ransomware

This title may be a misnomer. If anyone tells you, “I can 100% protect you against ransomware,” don’t believe them. It’s honestly kind of like COVID-19. All the protections in the world and you may still get it somehow. There are definitely things businesses can do to reduce their risk. So here are my thoughts on how to prevent ransomware.

I got a call this week from a C-level of a local company. They had just suffered their 3rd ransomware attack in the last two years. They are a small company (50 employees) with in-house IT staff. He wanted me to consult with them and do an analysis of the network. He was hoping we could identify any gaps in their current security or setup that might be leaving them vulnerable.

This conversation got me thinking a lot about what businesses SHOULD be doing to protect themselves. Many businesses don’t address even the basics of network security. Most of it is simple stuff that doesn’t even cost a lot. Here are some suggestions on how to protect your business.

Where does it come from?

There are two common ways that ransomware seems to gain access to a network.  They could get in MANY other ways.  These two are what I’ve seen most often lately.
  1. Phishing – This is where the bad actors will send malicious email to users on your network. They often pretend to be some official organization. I’ve seen them imitate the World Health Organization during the height of the pandemic. I’ve also seen them send from FedEx or UPS where clicking on the tracking number installs a keylogger on your machine. They can also do something simple like gain access to a friend’s or colleague’s email, and send you something malicious from a trusted source.
  2. Open Ports – The second way I’ve seen them get in is through open ports on the firewall. They use automated scanning tools that identify these open ports, and then use them to gain access. Having the Remote Desktop port open to the world can be a significant risk.
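
To confirm that your own firewall does not expose Remote Desktop this way, a check like the following can be run from outside the office network against your own public address. It is an added example, not part of the original article; the ports listed besides Remote Desktop (3389) and the function names are assumptions.

```python
import errno
import socket
import sys

# Remote Desktop is the port the article singles out; the other entries are
# common remote-access and file-sharing services added here as assumptions.
RISKY_PORTS = {3389: "Remote Desktop (RDP)", 445: "SMB file sharing",
               22: "SSH", 5900: "VNC"}

def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify one TCP port as 'open', 'closed' (refused) or 'filtered' (no reply)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as exc:
        # Unreachable host or network also means nothing answered on that port.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise

def exposure_report(host: str, ports=None, timeout: float = 2.0) -> list:
    """Return one finding line for every listed port that accepts connections."""
    ports = RISKY_PORTS if ports is None else ports
    return [f"{host}:{port} {name} is reachable"
            for port, name in sorted(ports.items())
            if probe(host, port, timeout) == "open"]

if __name__ == "__main__":
    # Pass your own public IP address or hostname as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for finding in exposure_report(target):
        print(finding)
```

An empty report from an outside connection (a phone hotspot, for example) means none of the listed ports answered; any line printed is a port that should be closed or moved behind a secure remote-access method.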

How to Prevent Ransomware

Here are the basic steps we recommend to help prevent ransomware.  There are more options for advanced security, but for most small businesses, these items will give you a good security foundation.
  1. Never click on unverified links
This is really just a question of being smart and cautious online. Don’t go to unfamiliar or sketchy websites. Don’t click on links in spam emails. Stay away from pornography, gambling or other seedy things online as these sites are frequently riddled with viruses.

If you receive email from an unknown source, be very cautious. Most likely, it’s junk anyway and you should just delete it. Look for poor grammar or misspellings. Look for strange formatting or unusual attachments. All of these things should tip you off that it’s possibly a phishing attack.

If you have any hesitation about an attachment in an email, don’t click on it. Take a second and hover over the attachment. Windows should pop up a little box that tells you what type of file it is. This is often an indicator. You can find out that what looks like a PDF is really a link to a website download. If the preview shows anything other than the file type presented, don’t click on it.

  2. Be careful where you download
Downloading files from untrusted websites can be risky. Take care online to go to verified trusted sites if you need to download something. Most software products can be downloaded directly from the software manufacturer. This is likely the best place to get them.

Torrent sites are notorious for having viruses. Stay away from these sites.

Another handy tip is to look for https instead of http. This means that the site has SSL security. Many browsers will also indicate this with a shield or a lock symbol next to the address bar.

  3. Don’t give out personal data
This one may seem like common sense to many of you. If you have folks call you on the phone asking for personal data, don’t give it to them. If the prince of Djibouti reaches out offering to wire you your vast inheritance if you just give him your social security number, don’t do it.

Sometimes they will be slyer than this. They will ask about your pets or the street you grew up on. They’ll ask about your family, and your mom’s maiden name. They’ll ask when your birthday is. Soon they have all the info they need to answer the challenge questions and gain access to your life.

  4. Filter Email
A good spam filter still goes a long way. Filters can stop many phishing attacks before they even get to the users. They also scan incoming mail for malware, and get rid of time-wasting junk mail.

  5. Update Windows
Windows updates offer increased security and help protect you against various threats online. A good example is Petya, one of the first famous strains of ransomware, which infected hundreds of thousands of machines worldwide. Petya used an exploit called “EternalBlue” to gain access to victim machines. Microsoft released a patch for it in March of 2017. The major Petya attack happened in June of the same year. No one who was up to date with patches and updates was vulnerable. Keep your patches updated!

  6. Backup your data
Data backup is essential to any solid IT plan. There are a couple of tips that you should be aware of that will help you if you are hit with ransomware.

We recommend having both a local and an offsite backup. This gives you more recovery options when it hits the fan. Having an offsite backup can also be a lifesaver if you get hit with ransomware.

One thing to keep in mind for local backups: don’t have your backup server on the same domain as the rest of the servers and computers on the network. This trust relationship is used by ransomware to spread, and if your backup server is on the same domain it will often get encrypted with the rest of your data. An encrypted backup is useless and you can’t restore from it.

You should back up important data at least daily. We recommend daily offsite backups as well. If you have a lot of users, critical data, or data that changes rapidly, consider a solution that would back up more frequently.

  7. Strong Firewall Properly Configured
Every single business on the planet should have a firewall. They are not expensive. We match firewalls to the size of your business needs. They offer a large amount of protection when configured correctly.

Make sure that your firewall does not have any open ports on it. Some companies lately have been opening firewall ports to facilitate working from home. DO NOT DO THIS. MANY secure ways to work from home are easy to set up. Opening firewall ports is not one of them.

The right firewall can also offer you additional perimeter protection. It can add gateway antivirus and anti-malware. It can help catch malicious processes with intrusion prevention. It is a key piece of any security plan.

An improperly configured firewall is a liability. Make sure that you have this crucial piece of network security hardware configured by a professional and not your cousin.

  8. Use Next-Gen Antivirus
Buy a solid antivirus solution and make sure it’s installed everywhere. Some of the next-gen antivirus products use heuristic analysis to determine whether a process is malicious or not. This means that it logs the behavior of the process and checks against cloud databases. If it’s determined the process is bad, it can roll back changes made. This is not a bulletproof protection against ransomware, but can help as part of a layered security plan.

  9. End User Security Training
As you can see, the users on your network can be the weak link in your security. There are many companies like KnowBe4 that offer end user security training. This helps your users better identify malicious email, and teaches them how to stay safe online. It also gives management the ability to test their users and provide additional training where needed.
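
The attachment check from the “Never click on unverified links” step, where something that looks like a PDF turns out to be another file type, can also be run on a saved message. The following Python is an added example, not part of the original article; the extension and file-signature lists are illustrative assumptions and the sample message is constructed.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# File types that run code or open a web page when double-clicked (illustrative list).
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk", ".hta", ".html", ".htm"}
# Leading bytes a genuine file of each document type starts with.
MAGIC = {".pdf": b"%PDF-", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
         ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff"}

def audit_attachments(raw_message: bytes) -> dict:
    """Return {filename: [reasons]} for attachments that are not what they appear to be."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        data = part.get_payload(decode=True) or b""
        reasons = []
        if suffixes and suffixes[-1] in RISKY_EXT:
            reasons.append(f"opens as {suffixes[-1]}")
            if len(suffixes) > 1 and suffixes[-2] in MAGIC:
                reasons.append(f"name disguised as {suffixes[-2]}")
        elif suffixes and suffixes[-1] in MAGIC and not data.startswith(MAGIC[suffixes[-1]]):
            reasons.append(f"content is not {suffixes[-1]}")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample() -> bytes:
    """Constructed test message: one genuine PDF and two disguised attachments."""
    m = EmailMessage()
    m["From"] = "tracking@shipping.example"
    m["To"] = "user@company.example"
    m["Subject"] = "Your package"
    m.set_content("See attached label.")
    m.add_attachment(b"%PDF-1.7\n", maintype="application", subtype="pdf", filename="manual.pdf")
    m.add_attachment(b"<html></html>", maintype="application", subtype="pdf", filename="label.pdf.html")
    m.add_attachment(b"MZ\x90\x00", maintype="application", subtype="pdf", filename="invoice.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    print(audit_attachments(build_sample()))
```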

In Conclusion

There is no silver bullet when it comes to protecting your network against ransomware.  Good security has several layers that work together to offer the best protection possible.  Following these steps will significantly reduce your risk of getting ransomware. If you don’t know where to start, give us a call.  We’re experts at protecting our clients and can give you smart advice on how to protect your network.