Protect Your Network From Ransomware

VITECH | 800-536-2156 | vitechpros.com | COPYRIGHT © 2016 VITECH

PROTECT YOUR NETWORK FROM RANSOMWARE

Two years ago, ransomware was practically unheard of. Today, it is the single

greatest threat to your network. There are literally hundreds of variants, but the worst

strains are the crypto-ransomware variants, which encrypt system and network files with

ease, rendering them unusable and unreadable. Of course, in most cases you can get

your files back, if you pay the ransom.

The malware used to infect and encrypt devices is typically delivered through an

innocent-looking email that invites you to click on a link, or download an attachment.

These emails are spoofed so well that they look like they were sent internally by your

Manager, or CEO. The encryption used by cyber-criminals is so airtight, that when

questioned about it, the FBI had this to say:


"The ransomware is that good," Joseph Bonavolonta, the Assistant Special

Agent in Charge of the FBI's CYBER and Counterintelligence Program told Boston's

Cyber Security Summit in October. "To be honest, we often advise people just to pay

the ransom."

Many different industries have been targeted, including, healthcare, education,

finance, and even law enforcement. The most high profile case of ransomware this year

was the attack on Hollywood Presbyterian Medical Center in California, and there have

been hundreds of similar attacks since then (See here and here). If you work in

healthcare, not only do you have to deal with the impact of ransomware ravaging your

network, but it also needs to be reported as a HIPAA breach to OCR as well.

Fortunately, all is not lost. There are several concrete steps you can take to

protect your organization's network before you become the next victim.

STEP 1: SECURE YOUR NETWORK

You should have done this already, but if you have not, you need to have a

Next Generation, Unified Threat Management (UTM) system in place. This is the new

breed of the old, reliable “firewall.” This system should include self-containing software

that not only contains Intrusion Detection & Prevention, but also includes things like

SPAM & Phishing filtering, malicious website filtering, and web content filtering. The

SPAM & Phishing filtering are crucial, as that is how cyber-criminals are delivering the

ransomware payloads.


STEP 2: DEPLOY STRONG ANTI-MALWARE SOLUTION

Assuming ransomware is able to make it past your perimeter and into your

network, your next line of defense is your anti-malware software installed on each of

your endpoints (Mobile Devices, PCs, and Servers). It cannot be emphasized enough

how important this step is. If your UTM system fails, you need to have a second line of

defense.

Most anti-virus solutions today have known security flaws, and are not equipped

to handle ransomware & other malware attacks; a fact known by cyber-criminals who

readily exploit it. A strong anti-virus/anti-malware solution is designed to protect against

ransomware specifically, zero-day malware attacks (i.e. previously unknown attacks),

detect and prevent malicious attachments from being opened, and will be able to detect

all widespread and prevalent viruses and malware. But the best solution doesn’t stop

there. It will also include SPAM filtering and malicious web filtering for each endpoint, as

well as blocking malware from installing itself at the root level.

STEP 3: DEPLOY FILE & DISK ENCRYPTION

As a rule, most organizations do not implement encryption on their networks.

Years ago, this was a costly and burdensome endeavor, and it was impractical for most

companies. The threat was low, and the cost high, so it didn't make sense. Today,

encryption has become so widespread that it is very cost effective and easy to

implement, even in a large-scale environment. Encryption is a great defense against


ransomware, or any other type of data breach. Think of it like this, if your files are

already encrypted, there is nothing left for the cyber-criminal to encrypt and hold for

ransom.

STEP 4: BACKUPS – YOUR LAST LINE OF DEFENSE

When all else fails, the one thing you should be able to rely on to protect your

data are your backups. Data backups should be done both weekly and daily. A weekly

backup should be configured to capture all the data stored on a file system, while a daily

backup should be configured to only capture the data that has changed since your last

backup. To ensure your data is safe from a ransomware attack, there are three

objectives your solution must meet:

Backups must meet encryption standards (i.e. AES 256-bit encryption)

Backups must be stored off-site (e.g. cloud storage)

Backups must be periodically tested to ensure files are retrievable (i.e. on a monthly

basis)

STEP 5: USER TRAINING

This really should be #1, as education is the most effective way of protecting

yourself from becoming a victim in the first place. IT Professionals are rarely, if ever

compromised. The reason is simple. They are trained in what to look for, and how to

either avoid it, or protect themselves against it. Unfortunately, criminals have honed


their skills and have become more effective at luring unsuspecting victims into their trap.

This is why many organizations have made cybersecurity training mandatory. Evidently,

it’s not enough, as everyone from hospitals to financial institutions around the world are

falling victim to this scheme.

Every organization should create and implement a training policy for all

personnel, so that although they may not reach the same level of knowledge as a

Technical Engineer, they will indeed have the training and presence of mind to think

twice before clicking on a link or an attachment.

VITECH is the trusted choice when it comes to fighting the battle against cyber-crime.

Contact us at 800-536-2156 or send us an email at [email protected] to learn how

we help protect organizations just like yours.

Protect Your Network From Ransomware

Documents

Transcript of Protect Your Network From Ransomware