You come into work just like any other day. Make coffee, sit down at your desk, log in to your PC only to realize the applications that run your business no longer work. You try another with the same results. You start to notice odd file types that you have never seen before. You cannot open anything. You see a message that says “Pay us or your data is gone forever.” You start thinking, “Is this happening to me, to us, to my company?” Are you prepared for a nightmare scenario like this?
Over the last few years, the malware strains dubbed “ransomware” have forever changed the approach to network security. Prior to this, a virus was inconvenient but not devastating. It might mess up a single machine but would not affect other machines on the network. It could be fixed relatively easily. I miss those days.
What is Ransomware?
Just like the name suggests, it will hold your files for ransom. The infection usually comes from a single PC on your network. There are several ways this infection spreads. The most common is email; there is also “drive-by malware,” which can infect your machine when you visit a website hosting the virus. A simple mistyped website address could land you at one such place.
How is WannaCry Ransomware different? Why is everyone making a big deal out of this?
This infection uses a new method that has not been seen before. This new high-tech exploit was developed by none other than the NSA. Somehow the tech was leaked to the public. It preys on systems that run out-of-date operating systems or are not up to date on the latest Microsoft updates. This means there is no email link to click and no malicious website to visit. The infection could find you if your network is unpatched for this vulnerability. It does this by port scanning IP addresses and attacking those with vulnerabilities.
How can I stay protected?
There is no single product, vendor, or service that can stop this type of security threat. The answer is a series of products and policies that work together to create a security suite. This includes Anti-Virus software. While this is a must-have, it will not always protect you from every threat. The phrase “Don’t put all your eggs in one basket” applies here.
What security practices should I have?
The best security approach is multi-layered:
- Firewall that has threat management. This device scans and protects the network in real time, stopping things before they can become a problem.
- Anti-Virus software should be installed on every PC on the network and kept up to date.
- Backups should be located onsite and offsite for redundancy. They should be checked daily to verify their integrity.
- User Education is often overlooked but is critical to overall security. Users should know how to tell whether an email is legitimate. Reach out to your IT staff if you are ever unsure about a suspicious email or website.
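One way to run the daily backup integrity check from the list above, as an added example that is not from the original article: record a SHA-256 manifest right after each backup job, then compare the onsite and offsite copies against it. The directory layout, file names and the `.locked` extension are constructed sample data, and the manifest is assumed to be kept somewhere the backed-up machines cannot write to.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large backup archives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's relative path to its SHA-256, taken right after the backup job."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_copy(manifest, root):
    """Compare one backup copy with the manifest and report every difference."""
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "changed": sorted(n for n in manifest if n in current and current[n] != manifest[n]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def daily_check(manifest, copies):
    """Verify every copy (onsite, offsite); return only the copies that have problems."""
    reports = {name: verify_copy(manifest, path) for name, path in copies.items()}
    return {name: r for name, r in reports.items() if any(r.values())}


if __name__ == "__main__":
    # Constructed sample data: two tiny "backup sets" in temporary directories.
    with tempfile.TemporaryDirectory() as tmp:
        onsite, offsite = Path(tmp, "onsite"), Path(tmp, "offsite")
        for copy in (onsite, offsite):
            copy.mkdir()
            (copy / "ledger.db").write_bytes(b"accounts 2017")
            (copy / "contracts.zip").write_bytes(b"signed contracts")
        manifest = build_manifest(onsite)
        # Simulate damage to the onsite copy: one file rewritten, one renamed.
        (onsite / "ledger.db").write_bytes(b"\x00" * 13)
        (onsite / "contracts.zip").rename(onsite / "contracts.zip.locked")
        print(daily_check(manifest, {"onsite": onsite, "offsite": offsite}))
```

An empty result means every copy still matches what the backup job wrote; any entry is a reason to stop rotating backups and investigate before the damaged copy replaces a good one.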
Ransomware is not going away anytime soon. The threat landscape will always be changing. A business needs to be aware of these threats and take steps to keep its information safe. With the right security and backup policies, you can greatly minimize your exposure to security threats like this. Your business needs to be prepared for the worst.