Cyber Security 201: Understanding & Preventing “Encrypting Ransomware” Attacks

The term “cyber security” covers many types of threats, which can create a swirl of questions in decision makers’ heads. In this first installment of our Cyber Security 201 series, we answer the most common questions about encrypting ransomware.

Encrypting ransomware is malicious software designed to block access to a victim’s computer system until a sum of money is paid. Examples are Locky and Cryptowall.

And now, the key question: WHY SHOULD YOU CARE?
Ransomware has historically targeted individuals, but more recently its operators have expanded their horizons and are attacking US companies of all sizes. While they started with small businesses, a major Hollywood-area hospital was shut down earlier this spring by hackers demanding $3.7M in ransom. For that reason, it is critical to understand where you are at risk of a ransomware attack and how to prevent it.

There are three ways that ransomware attacks are delivered. First, they can come through attachments in emails. These might have a subject such as “You’ve won money!”, “UPS is delivering a package to you,” or “You’ve received a wire transfer.” Second, they can come through macros. A “macro” is a series of commands/instructions grouped together to accomplish tasks automatically, speeding up routine editing and formatting in software products like Microsoft Word or Excel. In this case, the macro might appear as if it’s embedded in a Word document: at the top, in a yellow ribbon, the document will say something like “this file came from the Internet, do you want to edit it?” Third, you could pick them up by visiting insecure websites.

Now that you understand ransomware and where you might pick up an attack, the next step is knowing how to prevent attacks.

We at KIT recommend four steps to ransomware prevention. The first two are fairly straightforward; the last two are behavioral and may take a bit more effort to integrate into your regular operating environment:

  1. Install and maintain updates on anti-virus software. Examples of dependable software include Trend and BitDefender – your internal IT team or MSP can advise which product best fits your setup.
  2. Install an advanced threat protection application. An example is OpenDNS, a cloud-delivered network security service that protects any device, no matter where it’s located.
  3. Train your colleagues to ask questions. When an email arrives in your inbox, does it have a “From” name that you recognize? Does it come from a weird-looking address? Is there an attachment even though the email doesn’t mention one, or does the file name look bizarre? These are the kinds of questions you and your colleagues need to ingrain in your everyday routines so you can be on guard against possible attacks. Many people think, “Oh, that won’t happen to me,” but that is no longer the case as technology becomes more ingrained in business operations and attacks become more common.
  4. Limit access to network shares. A “network share” is space on a server that is accessible to others over your computer network. Regularly check (or have your IT team, MSP, etc. check) all of your network shares and backup locations to ensure that their permission settings allow access only to the administrator (and/or the backup service provider).
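
The questions in step 3 can also be turned into a first-pass mail filter. The following is an added example (not from this post or from KIT) that applies those checks to a message parsed with Python's standard `email` module; the known-domain list, lure phrases, risky extensions and both sample messages are assumptions constructed for the demonstration.

```python
import email
from email import policy
from email.headerregistry import Address
from email.message import EmailMessage

# Assumed for this example: domains the organisation normally corresponds with, the lure
# phrases quoted in the post, and file extensions commonly used by ransomware droppers.
KNOWN_DOMAINS = {"kit.example", "partner.example"}
LURE_PHRASES = ("won money", "delivering a package", "wire transfer")
RISKY_EXTENSIONS = (".js", ".vbs", ".exe", ".scr", ".docm", ".xlsm", ".zip")

def triage(raw: str) -> list[str]:
    """Apply the post's 'ask questions' checks to one raw message and return the
    warnings raised (an empty list means nothing fired, not that the mail is safe)."""
    msg = email.message_from_string(raw, policy=policy.default)
    warnings = []
    for addr in msg["From"].addresses:
        # Judge the real address, not the display name, which the sender controls.
        if addr.domain.lower() not in KNOWN_DOMAINS:
            warnings.append(f"unrecognised sender domain: {addr.domain}")
        shown = addr.display_name  # a "name" that is itself an address elsewhere
        if "@" in shown and shown.rsplit("@", 1)[1].lower() != addr.domain.lower():
            warnings.append(f"display name '{shown}' does not match {addr.addr_spec}")
    subject = (msg["Subject"] or "").lower()
    warnings += [f"lure subject: '{p}'" for p in LURE_PHRASES if p in subject]
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().lower() if body_part else ""
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if "attach" not in body:  # an attachment the text never mentions
            warnings.append(f"attachment '{name}' not mentioned in the body")
        if name.lower().endswith(RISKY_EXTENSIONS) or name.count(".") > 1:
            warnings.append(f"suspicious attachment name: {name}")  # e.g. x.pdf.js
    return warnings

def build_sample(sender: Address, subject: str, body: str, filename: str) -> str:
    """Construct a demo message for the samples below (not a real capture)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "staff@kit.example", subject
    m.set_content(body)
    m.add_attachment(b"demo", maintype="application", subtype="octet-stream", filename=filename)
    return m.as_string()

# Constructed samples: a "UPS is delivering a package" lure and an ordinary internal mail.
LURE = build_sample(Address("accounts@kit.example", "no-reply", "ups-notify.example"),
                    "UPS is delivering a package to you",
                    "Your parcel could not be delivered. Open the label to reschedule.", "Label.pdf.js")
CLEAN = build_sample(Address("Jane Doe", "jane", "kit.example"), "Q2 budget",
                     "Hi, the attached spreadsheet has the Q2 numbers.", "q2-budget.xlsx")
```

Running `triage(LURE)` raises all five warnings (unknown domain, mismatched display name, lure subject, unmentioned attachment, double extension), while `triage(CLEAN)` returns an empty list.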

Hackers are extremely smart and always evolving. For that reason, MSPs and IT providers are constantly staying up to speed on new attacks and adjusting their products to protect users from them, but nothing is ever 100%. Similarly, while our four recommendations above go a long way, they are unfortunately not foolproof. So while prevention is obviously important, we also believe in educating people about how to identify whether or not you have been attacked and, if you have, how to respond – stay tuned for more on this in our next post!