If you have an internet-connected device and have been online in the past few days, you can't have missed the chat about the latest version of ransomware to hit the world. Hospitals, train stations, airports and businesses have all been affected by the latest attack, which locks files and demands a "ransom" for access to your own data.
As a service provider, we have been asked how we are protecting our customers against this threat. The answer is not straightforward, because there are many variations and types of threats. Let me share some information, however.
WannaCry 2.0: this threat is attacking organisations in a new way. It does not require human interaction to infect and spread. It exploits a vulnerability in Windows-based systems where SMB V1 is enabled. The vulnerability was identified in March and we have taken appropriate steps to protect our systems from this specific threat. As the name suggests, this is version 2 of the ransomware designed to exploit the vulnerability. Version 1 only had a minor impact, so the people behind the malware took their time to refine it.
That being said, end users need to ensure they are protecting their endpoint devices as well. There is an SMB V1 setting in your Windows Features that also needs to be disabled. This, combined with regular software updates and a suitable endpoint security (antivirus) solution that is also kept up to date, will help to protect you.
Other forms of crypto-ransomware seen throughout the industry are generally triggered by the actions of an end user: people fall prey to phishing emails which look legitimate. Think of the AGL emails, Australia Post, Origin Energy, job offers, invoices, unexpected deliveries. The list goes on. You need to train your staff to be diligent and not be tempted to open or interact with an email they weren't expecting, no matter how convincing it might be.
You can't rely on one layer of protection against modern threats. Crypto-ransomware is no longer a nuisance; it is a persistent threat, ready to exploit any weakness exposed. This is a highly organised criminal activity, and don't think it is going away anytime soon.
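The SMB V1 check described above can also be scripted; the following is an added example, not part of the original post or this provider's tooling. It assumes an elevated PowerShell session on Windows 8.1/10 or Server 2012 R2 and later, and the `-Disable` switch is a name chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: report whether SMBv1 is enabled on this machine and,
# only when -Disable is passed, turn it off. Without the switch it is read-only.
param(
    [switch]$Disable   # hypothetical switch name used by this example
)

# 1. The "SMB 1.0/CIFS File Sharing Support" entry shown in Windows Features.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue

# 2. The SMB server setting, which controls whether this machine answers SMBv1.
$server = Get-SmbServerConfiguration -ErrorAction SilentlyContinue

[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    FeatureState      = if ($feature) { $feature.State } else { 'NotPresent' }
    ServerSmb1Enabled = if ($server)  { $server.EnableSMB1Protocol } else { $null }
} | Format-List

$featureOn = $feature -and $feature.State -eq 'Enabled'
$serverOn  = $server  -and $server.EnableSMB1Protocol

if (-not ($featureOn -or $serverOn)) {
    Write-Output 'SMBv1 is already disabled on this machine.'
    return
}

if (-not $Disable) {
    Write-Warning 'SMBv1 is enabled. Re-run with -Disable to turn it off.'
    return
}

# Older printers, scanners and NAS units may only speak SMBv1; check for
# those before disabling it across a whole office.
if ($serverOn) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Output 'SMBv1 disabled in the SMB server configuration.'
}
if ($featureOn) {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    Write-Warning 'SMBv1 feature removed; restart the machine to complete the change.'
}
```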
Here are some additional tips to keep your business safe:
- Use reputable and proven endpoint protection software. We recommend Webroot as our preferred product in this area. It has a small yet powerful footprint in protecting endpoints, leveraging the cloud to deliver real-time protection, versus other outdated technologies.
- Consider your email protection. We provide a cloud-based email security solution, using Trustwave Secure Email Gateway. All hosted clients have the standard version of this service; some have taken an option to upgrade to the advanced version. This option provides a live service that scans every hyperlink in an email, every time it is clicked. Why this option? Many threats are released through email with a legitimate hyperlink, so the email passes traditional email scanners. A few hours after it is sent, the target of the link is changed, so when your user clicks on it, they are taken to the malicious target. Scanning every time, in real time, can protect against this.
- Backups: if you don't have automated offsite backup, it really is time to consider it. The recommended best practice is for your data to be in 3 places: 1. Your file server. 2. A local disk backup (NAS or spare server). 3. A copy in a cloud/offsite service.
- Consider locking down some features that were designed to make a user's experience better but have made it easier to infect your machine. This includes disabling Autorun, changing user privileges to limited users rather than Admins, and using modern operating systems, web browsers and the like. Keep them up to date. The older your software, the more likely it is to be exploited.
- Consider a firewall; they are designed to be a barrier between you and the internet. Going without a firewall is like closing the front door of your house but not having a lock on it. We recommend using one that has a range of features to help protect your network, including secure VPN connections for remote workers.
There are many other steps that can be taken to protect your business. We are able to provide you with a detailed assessment and recommendations, as well as services to test your staff and assess their vulnerability to a phishing attack. Learn more about our security services here.
Contact us today on (07) 3340 5555 or use our contact form. Stay safe!