28 Jun 2017
Most people have now heard of ransomware since the cyber attack on the NHS and other organisations in May 2017. However, ransomware has been affecting small/medium sized businesses for years. If you have not yet been hit by ransomware you have either been very lucky or have taken some proactive steps to prevent it.
The bottom line is that if you get infected with
ransomware, if you do not have a reliable backup you will either have to pay to (maybe) get your data back or you risk losing your files. Here are 8 tips to help prevent against ransomware:
This goes without saying. Backup your data to an offsite location so that it cannot be accessed by the ransomware. Note that many “sync” services such as Dropbox/OneDrive do not protect you and will often sync the ransomware virus to the cloud. Also ensure that you regularly test to see if your data can quickly and easily be restored.
Ensure that you patch and update your servers and end user desktops/laptops regularly. Also ensure that other software such as Adobe Reader, Java and Flash Player are updated to the latest version.
The scary reality is that at BackupVault we see many customers infected with ransomware and then contact us to restore their data. After successfully restoring the data we often see that they are using the top two very well known antivirus solutions – and they have let the virus spread. Only use reliable antivirus vendors such as Trend Micro, ESET and Kaspersky who all have a good track record of detecting and preventing ransomware outbreaks.
There are many providers such as Messagelabs that can sit between your mail server and the Internet, quietly scanning all incoming emails. These types of service stand a very good chance of stopping a ransomware or similar virus from even hitting your network in the first place.
In a Windows domain environment, it is relatively easy to configure Group Policy to disable executable files from running when they are in a specific location on a PC. Locations such as ProgramData, AppData, Temp and Windows\SysWow are all common locations that viruses are launched from.
Most ransomware is still spread by documents sent unsolicited via email. Train your employees to know what is suspicious and what is legitimate and always take an extra few seconds to read an email
Consider disabling macros on Microsoft Office software as a large number of ransomware software will spread through compromised Word and Excel files.
The Windows AutoPlay feature will automatically launch a file from a USB stick or CD/DVD. Turning this off will stop a ransomware infection from automatically running if delivered via removable media.
If you still end up being infected by ransomware, immediately disconnect the computer from the network. It is worth contacting an IT specialist to see if they can find out the particular name or variant of the malware.
Many antivirus vendors such as Trend Micro and Kaspersky have developed tools to de-crypt some types. Note that with the very latest ransomware its not usually possible to find a fix, so restoring from a reliable backup is the only solution.