Preparation is your best defence against ransomware

Ransomware, what a problem it is! 

In the last 2 years we have seen it rise from an obscure malware variant to the most successful ever seen.  

The problem is as long as people think they have nothing worth stealing it will continue to be used.

It is going to get worse before it gets any better, if it will get any better.

Ransomware targets files and folders that you keep your information in. Those files can be local (my documents), server based (shares on a server) and the newest ones are also encrypting one drive, google apps storage, drop box and logmein's cubby.  

Newer versions are constantly being discovered with better payloads, targeting undiscovered vulnerabilities and harder and harder to remove.

What is the best thing you can do to protect yourself, your business or your organisation?

There are two strategies that work together, TRUST NO ONE, and it will eventually happen to you. Being aware that it can happen, happen to you and happen at the most inopportune time is how you can make sure that ransomware has limited impact on your environment.

That being said here are 4 ways to manage ransomware:

Detection

Some ransomware will be picked up by antivirus and anti malware systems. 

Running malware bytes on all systems within the network is a good idea, but it will still not catch everything available out there. 

Anti virus and anti malware are reactionary systems, so until AI comes we have to hope that the bad guys are lazy and use systems that are readily available - that makes them known to AV and AM.

Another system that can manage and detect ransomware is a second generation or next generation firewall, this not only have the capability to pick up the malware component but it can also restrict access to the command and control systems that malware needs to function.

Containment

If it does get in, now what do you do. 

Train your people to NOT just walk away from their computer. 

This creates bigger issues!

If you think it has happened the first thing you need to do is unplug the system from the network. 

Then get your IT people in, internal or external, and they will (should) know what to do.

If something is done straight away it will definately limit the damage done by the malware.

Eradication

Once it is discovered then getting rid of an infection becomes the next part of the process. 

Once again, AV, anti malware, spy bot, firewall become important. 

On a Microsoft system auto-runs becomes a vital tool in the eradication and removal of any type of malware.

The best strategy is to rebuild all infected systems.

Recovery

To recover from a malware attack, no matter the system used, preparation is absolutely vital. 

If you have thought that this can happen to me, reduced the risk to your information and made those critical decisions that you are already on the way to recovering from an attack

The best recovery strategy is a good DR system, a good BC system and a good backup.

If you are really concerned with recover and minimising the loss of data then a decent imaging backup system is absolutely vital - we use shadow protect because we know that we can roll back a system to 15 minutes prior to the infection and have that information available as soon as possible after the above three point have been done.

If you have the attitude that a ransomware attack can and will happen to your organisation, you are already prepared for it to happen. 

Just like an insurance policy - someday one day X will happen, then you are prepared for X, ransomware can be a devastating X. 

Your best protection is have a really good back up.