There is no absolute protection against ransomware, but the following measures will help to minimize the threat.
Malware (apps and other software designed to damage users' systems or to facilitate theft or ransom) has been around for decades, but our increasing reliance on computer systems has led to a growth in the types and prevalence of malware, including ransomware.
The WannaCry ransomware attacks of May 2017 caused a lot of damage across many countries, including, in particular, to the NHS in the UK, and have led to a much greater awareness of ransomware and of how vulnerable many organisations are to this kind of attack.
The modern defence against such attacks is to incorporate multiple layers of protection rather than expecting one solution to prevent all attacks.
1. Network and Infrastructure Security
The starting point is to have secure infrastructure. The level of security necessary depends on how valuable the data and services in the systems are and how damaging their temporary loss would be. You don’t spend £1,000,000 securing something worth only £500,000, but conversely you must put in what it takes to secure your systems to the appropriate level and keep them at that level.
Firewalls, anti-virus and anti-malware solutions, regular backups, intrusion prevention and detection and regular updates are essential for all significant systems.
There should be standard procedures for ensuring all servers and network infrastructure are kept up to date with security patches.
Security policies should be constantly reviewed and updated; they are not documents to file away and forget about.
The security situation is constantly changing and new threats keep appearing, so a well-organised IT department must be ready to recognise and deal with them.
Infrastructure also includes all mobile devices that any staff member might use.
1a. Keep PC Security Up To Date
All PCs should be updated with the latest security patches as they become available. Any PCs that cannot be adequately updated due to age must be removed from the network. (The Windows patch that would have blocked WannaCry was issued 2 months before the attacks took place.)
Ensure adequate anti-virus and anti-malware solutions protect all PCs.
Third-party tools that manage large-scale updates can be of great help.
If you’re using a Microsoft network, Microsoft has the Microsoft Baseline Security Analyzer (MBSA), which can assess devices and the services that run on them. It makes recommendations on how to harden them for the utmost security without compromising services.
1b. Handheld Device Security
The intended usage for handheld devices will help determine how they should be locked down.
All of the rules for PCs should apply to handheld devices where possible, including strong passwords, data encryption if confidential, screen auto-lock, a ban on downloads unless approved, etc.
2. Data Management and Backup Regime
The WannaCry attacks have highlighted the need for organisations to have regular backups of all data and, where possible, to keep the backups off site, so that a threat to the main site cannot also infect or delete the backups, as some ransomware tries to do.
There are many suitable tools for automating backups.
Proper staff training is essential so that staff know how to recognise threats from scams, phishing, social engineering etc. and hence do not fall for such tricks.
3b. Social Engineering
Social engineering is the art of manipulating people so they give up confidential information. The criminals usually seek to trick the target into giving them passwords or financial information, or to access their computer to install malicious software.
Criminals use social engineering tactics because it is often easier to exploit people’s trust than it is to crack passwords.
Be careful and always think before giving out any confidential information.