Ransomware! Cyber Data Napping! What?

From the Desk of David F. Wiley, Director of IT

The bad guys seem to be targeting every type of business and government site these days. They are checking for the soft targets: “[Soft targets] and crowded places—a term more recently used—are typically defined as locations or environments that are easily accessible, attract large numbers of people on a predictable or semi-predictable basis, and may be vulnerable to attacks using simple tactics and readily available weapons.”

Now there is no single, ultimate solution (AKA the Silver Bullet) to guarantee that everybody is fully safe from ransomware. There is no one piece of hardware or one piece of software or one poor over-worked network administrator that will do the trick. It takes a multi-layer approach.

We take just that: a multi-layer approach. We’ve integrated a number of security items that are kept up-to-date and in place. We find adding layers of security is the best approach.

We’re sharing that with you to help you integrate this into your workplace.

Steps to Prevent Ransomware in Your Business

There are five (5) main layers you can use to help prevent ransomware from affecting your entire system:

  • Don’t Let Ransomware Penetrate Your System!
    • Keep it from getting into the network.
    • It is impossible to prevent it 100%, but you can:
      • Have a great firewall (we recommend SonicWalls) with security services on all external-facing Internet circuits. Enable it to block attachments and perform virus scans at the firewall.
      • Have your email flow through a spam and malicious content filter (We use Barracuda and Office 365 E3).
      • Check hardware and software for default logins and privileges.
      • Update all encryption and ciphers.
      • Don’t forget to update the required patches. Update, Update, Update.
      • Trust but verify.
  • If Ransomware Is In Your System: Don’t Pull the Pin!
    • Keep it from launching once it gets into the system.
    • Several controls work at this level: blocking macros and scripts, background Group Policy settings, and a great antivirus running on every endpoint. We use Webroot Antivirus and Cylance and have implemented Security Best Practices.
    • The biggest weakness at this level is you, the user.
    • At LifeStatus360, we use the KnowBe4 Security Awareness Training campaign. Everyone at LifeStatus360 must take the training. We do a new training every month. At this point, education and knowledge are the best defense.
    • LifeStatus360 recommends Security Awareness Training! If you touch a computer, take the training.
  • If Ransomware is In Your System & the Pin Has Been Pulled – Don’t Let It Call Home!
    • Keep it from “calling home” once it gets launched.
    • For the most part, once a computer gets infected, the ransomware cannot lock the files until it contacts its home base and gets a key to lock them.
    • Webroot Antivirus and SonicWalls do their thing at this level, but they must keep up with the ever-evolving viruses that are continuously being released.
    • Cylance offers superior protection as it learns and adjusts on the fly and blocks suspicious traffic quickly. Their predictive AI approach is great.
  • If Ransomware is In Your System, the Pin Has Been Pulled & It Called Home (Oh my!) – Have Backups In Place!
    • Back it up. Back it all up. And don’t forget to test the backups!
    • Having consistent and prodigious backups is the final key. Hourly, daily backups with monthly (or longer) retention.
    • “Pay the ransom or the files get it”: If you have up-to-date backups, you can say, “Heck no!”
    • Then after you say “Heck no!” – hit the RED button, shut it all down, plug the holes, everybody step away from your desk, call the cops, sanitize your system, review the results and learn from your mistakes. Then apply the backups.
    • Will you lose some time? Yes. You have to clean up the mess and plug the holes in your security system – but at least you don’t have to pay the ransom. You have minimized the downtime.
  • Stop it Before it Happens! Be on the lookout! Check the perimeter. Ride the fence line.
    • Add a business-wide Security Information and Event Management (SIEM) or a Security Operations Center solution.
      • It is the outside proactive layer, looking in at the required pieces and evaluating the capabilities of your layers.
    • Implement ‘Security Best Practices’ and use them.
    • Audit, test, verify and validate your security system.
    • Multi-layer approach, proactive, education, backups and add a little good guy AI.
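
The backup layer above says to test the backups and to keep hourly backups with monthly (or longer) retention. One way to automate both checks, as an added example that is not LifeStatus360's own tooling; the one-hour and 30-day thresholds, the function names and the sample timestamps are assumptions made for illustration:

```python
import hashlib
from datetime import datetime, timedelta
from pathlib import Path

# Assumed thresholds, read from "hourly ... monthly (or longer) retention".
MAX_AGE = timedelta(hours=1)
MIN_RETENTION = timedelta(days=30)


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """At backup time: map each file's relative path to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict, restored_root: Path) -> list:
    """After a test restore: list files that are missing or differ."""
    problems = []
    for rel, digest in manifest.items():
        target = restored_root / rel
        if not target.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(target) != digest:
            problems.append(f"changed: {rel}")
    return problems


def check_schedule(backup_times: list, now: datetime) -> list:
    """Flag a stale newest backup or a retention window that is too short."""
    if not backup_times:
        return ["no backups found"]
    problems = []
    if now - max(backup_times) > MAX_AGE:
        problems.append("newest backup is older than one hour")
    if now - min(backup_times) < MIN_RETENTION:
        problems.append("oldest retained backup is younger than 30 days")
    return problems


if __name__ == "__main__":
    now = datetime(2024, 1, 31, 12, 0)  # constructed sample timestamps
    print(check_schedule([now - timedelta(days=2), now - timedelta(hours=5)], now))
```

Store the manifest where the backed-up machines cannot write to it, so an infected endpoint cannot alter the hashes the restore test relies on.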

You’ve Successfully Prevented Ransomware Disasters!

Is it a lot? Yes. Is it worth it? Oh heck yes! What is the alternative?  Disaster. Absolute unmitigated disaster.

  • There have been 170 ransomware attacks on US state and local governments since 2013.
  • The FBI’s Internet Crime Complaint Center (IC3) has counted 1493 victims of ransomware in 2018.
  • In 2018, Atlanta, Baltimore, Lodi, and Florida City were all affected by ransomware.
  • In August 2019, 23 Texas cities were targeted in a coordinated ransomware attack.
  • In July 2019, 3 Louisiana school districts were targeted, though it’s unknown if they paid the demanded amount.

The list goes on and on.  See the Ransomware Attacks of 2019 – to date. 

As we add the new layers and update our systems, we will make sure we share the information with our customers. Be a good neighbor.

By the way, did we mention that we just received a Confident rating (the highest rating) for an Information Security Assessment from Venminder, which provides vendor vetting services?
