How to Help Your Customers Protect Themselves from Ransomware Attacks
Protect Your Network From Ransomware
Click here to load reader
-
Upload
natan-bradbury -
Category
Documents
-
view
32 -
download
0
Transcript of Protect Your Network From Ransomware
![Page 1: Protect Your Network From Ransomware](https://reader038.fdocuments.in/reader038/viewer/2022100722/58f3537c1a28abb83a8b45f5/html5/thumbnails/1.jpg)
VITECH | 800-536-2156 | vitechpros.com | COPYRIGHT © 2016 VITECH
PROTECT YOUR NETWORK FROM RANSOMWARE
Two years ago, ransomware was practically unheard of. Today, it is the single
greatest threat to your network. There are literally hundreds of variants, but the worst
strains are the crypto-ransomware variants, which encrypt system and network files with
ease, rendering them unusable and unreadable. Of course, in most cases you can get
your files back, if you pay the ransom.
The malware used to infect and encrypt devices is typically delivered through an
innocent-looking email that invites you to click on a link, or download an attachment.
These emails are spoofed so well that they look like they were sent internally by your
Manager, or CEO. The encryption used by cyber-criminals is so airtight, that when
questioned about it, the FBI had this to say:
![Page 2: Protect Your Network From Ransomware](https://reader038.fdocuments.in/reader038/viewer/2022100722/58f3537c1a28abb83a8b45f5/html5/thumbnails/2.jpg)
VITECH | 800-536-2156 | vitechpros.com | COPYRIGHT © 2016 VITECH
"The ransomware is that good," Joseph Bonavolonta, the Assistant Special
Agent in Charge of the FBI's CYBER and Counterintelligence Program told Boston's
Cyber Security Summit in October. "To be honest, we often advise people just to pay
the ransom."
Many different industries have been targeted, including, healthcare, education,
finance, and even law enforcement. The most high profile case of ransomware this year
was the attack on Hollywood Presbyterian Medical Center in California, and there have
been hundreds of similar attacks since then (See here and here). If you work in
healthcare, not only do you have to deal with the impact of ransomware ravaging your
network, but it also needs to be reported as a HIPAA breach to OCR as well.
Fortunately, all is not lost. There are several concrete steps you can take to
protect your organization's network before you become the next victim.
STEP 1: SECURE YOUR NETWORK
You should have done this already, but if you have not, you need to have a
Next Generation, Unified Threat Management (UTM) system in place. This is the new
breed of the old, reliable “firewall.” This system should include self-containing software
that not only contains Intrusion Detection & Prevention, but also includes things like
SPAM & Phishing filtering, malicious website filtering, and web content filtering. The
SPAM & Phishing filtering are crucial, as that is how cyber-criminals are delivering the
ransomware payloads.
![Page 3: Protect Your Network From Ransomware](https://reader038.fdocuments.in/reader038/viewer/2022100722/58f3537c1a28abb83a8b45f5/html5/thumbnails/3.jpg)
VITECH | 800-536-2156 | vitechpros.com | COPYRIGHT © 2016 VITECH
STEP 2: DEPLOY STRONG ANTI-MALWARE SOLUTION
Assuming ransomware is able to make it past your perimeter and into your
network, your next line of defense is your anti-malware software installed on each of
your endpoints (Mobile Devices, PCs, and Servers). It cannot be emphasized enough
how important this step is. If your UTM system fails, you need to have a second line of
defense.
Most anti-virus solutions today have known security flaws, and are not equipped
to handle ransomware & other malware attacks; a fact known by cyber-criminals who
readily exploit it. A strong anti-virus/anti-malware solution is designed to protect against
ransomware specifically, zero-day malware attacks (i.e. previously unknown attacks),
detect and prevent malicious attachments from being opened, and will be able to detect
all widespread and prevalent viruses and malware. But the best solution doesn’t stop
there. It will also include SPAM filtering and malicious web filtering for each endpoint, as
well as blocking malware from installing itself at the root level.
STEP 3: DEPLOY FILE & DISK ENCRYPTION
As a rule, most organizations do not implement encryption on their networks.
Years ago, this was a costly and burdensome endeavor, and it was impractical for most
companies. The threat was low, and the cost high, so it didn't make sense. Today,
encryption has become so widespread that it is very cost effective and easy to
implement, even in a large-scale environment. Encryption is a great defense against
![Page 4: Protect Your Network From Ransomware](https://reader038.fdocuments.in/reader038/viewer/2022100722/58f3537c1a28abb83a8b45f5/html5/thumbnails/4.jpg)
VITECH | 800-536-2156 | vitechpros.com | COPYRIGHT © 2016 VITECH
ransomware, or any other type of data breach. Think of it like this, if your files are
already encrypted, there is nothing left for the cyber-criminal to encrypt and hold for
ransom.
STEP 4: BACKUPS – YOUR LAST LINE OF DEFENSE
When all else fails, the one thing you should be able to rely on to protect your
data are your backups. Data backups should be done both weekly and daily. A weekly
backup should be configured to capture all the data stored on a file system, while a daily
backup should be configured to only capture the data that has changed since your last
backup. To ensure your data is safe from a ransomware attack, there are three
objectives your solution must meet:
Backups must meet encryption standards (i.e. AES 256-bit encryption)
Backups must be stored off-site (e.g. cloud storage)
Backups must be periodically tested to ensure files are retrievable (i.e. on a monthly
basis)
STEP 5: USER TRAINING
This really should be #1, as education is the most effective way of protecting
yourself from becoming a victim in the first place. IT Professionals are rarely, if ever
compromised. The reason is simple. They are trained in what to look for, and how to
either avoid it, or protect themselves against it. Unfortunately, criminals have honed
![Page 5: Protect Your Network From Ransomware](https://reader038.fdocuments.in/reader038/viewer/2022100722/58f3537c1a28abb83a8b45f5/html5/thumbnails/5.jpg)
VITECH | 800-536-2156 | vitechpros.com | COPYRIGHT © 2016 VITECH
their skills and have become more effective at luring unsuspecting victims into their trap.
This is why many organizations have made cybersecurity training mandatory. Evidently,
it’s not enough, as everyone from hospitals to financial institutions around the world are
falling victim to this scheme.
Every organization should create and implement a training policy for all
personnel, so that although they may not reach the same level of knowledge as a
Technical Engineer, they will indeed have the training and presence of mind to think
twice before clicking on a link or an attachment.
VITECH is the trusted choice when it comes to fighting the battle against cyber-crime.
Contact us at 800-536-2156 or send us an email at [email protected] to learn how
we help protect organizations just like yours.