Many customers in our area have been hit by CryptoLocker and other ransomware trojans, so we wanted to review what ransomware is, how to prevent an attack from reaching your network, and how to recover quickly should one occur.
Ransomware is an intrusive type of malware designed to encrypt all data that a person has access to and hold it hostage until the person pays the creators, usually in a cryptocurrency such as Bitcoin. The encryption is generally impossible to crack, so several layers of active protection are required to limit the damage this type of malware can cause. The encryption is not limited to the infected computer: it also reaches any network drives and servers that the user is able to write to. Ransomware does not require the infected user to be a local administrator, and the methods of infection are many, including infected email attachments and infected advertisements on ordinary web pages. This type of malware is dangerous for a home user, but extremely dangerous for the operation of a company. Higher-level employees are often targeted because they generally have more access to a company’s data than a normal employee, which makes the attack more severe.
Below we review a multi-tiered approach to help prevent, and quickly recover from, a ransomware attack.
The first step in preventing malware is at the edge of your network: a stateful firewall with gateway anti-virus and anti-malware. Having this in place can stop an attack before it enters the network, but because the developers of ransomware are experts in their field, this normally only helps against attacks that are already known, which are usually more than a few days old. Southern Solutions offers a Network Security Solution that includes an advanced firewall and active subscription updates for new threats as they are discovered. For more information, click here.
Application prevention (application whitelisting) is a method of locking down computers so that they cannot run any applications other than those that are explicitly approved, or “white-listed”. This is not just a best practice for corporate networks; it is also highly effective against malware infections, because an unapproved ransomware executable is never allowed to start. Contact us for more information on how to set this up.
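As an added illustration (not Southern Solutions' own setup, and the post does not name a product), the Windows built-in whitelisting feature AppLocker can be driven from PowerShell: inventory the executables already present in the trusted install locations, generate allow rules from them, start in audit mode so nothing breaks yet, and test a download path against the policy before enforcing. The policy path and the sample download path are assumptions for the example.

```powershell
# Added example, not code from the original post. Assumes an administrative
# PowerShell session on the reference machine and that the AppLocker module is
# present (Windows Pro/Enterprise/Server). Paths below are assumptions.
#Requires -RunAsAdministrator
Import-Module AppLocker

$policyPath = 'C:\Policies\AppLocker-AuditOnly.xml'   # assumption
New-Item -ItemType Directory -Path (Split-Path $policyPath) -Force | Out-Null

# 1. Inventory executables and scripts in the locations software is legitimately
#    installed to. Anything a user drops into Downloads or %TEMP% is not here, so it
#    will not be allowed by the resulting policy.
$trusted = @('C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)')
$fileInfo = $trusted | Where-Object { Test-Path $_ } | ForEach-Object {
    Get-AppLockerFileInformation -Directory $_ -Recurse -FileType Exe, Script
}

# 2. Publisher rules for signed files, hash rules for unsigned ones; -Optimize merges
#    rules that share a publisher so the policy stays readable.
$policyXml = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Switch every rule collection to AuditOnly. In audit mode a launch that would
#    have been blocked is only logged (event 8003 in the
#    Microsoft-Windows-AppLocker/EXE and DLL log), which lets you find missing rules
#    before users are affected.
$policyXml = $policyXml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# 4. Check how the policy would treat a file in a user download location
#    (constructed sample path; point it at a real file to evaluate hash rules).
Test-AppLockerPolicy -XmlPolicy $policyPath `
    -Path 'C:\Users\alice\Downloads\invoice.exe' -User Everyone

# 5. Apply the policy locally. AppLocker only evaluates rules while the Application
#    Identity service runs; its startup type is set through Group Policy on current
#    Windows builds, so only the service start is done here.
Set-AppLockerPolicy -XmlPolicy $policyPath
Start-Service -Name AppIDSvc
```

After running in audit mode for a while, review the 8003 events, add rules for any legitimate software that was flagged, change `AuditOnly` to `Enabled` in the XML, and re-apply with `Set-AppLockerPolicy`. In a domain the same XML is imported into a Group Policy object rather than applied per machine.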
File Server Monitoring
Using File Server Resource Manager (FSRM) it is possible to monitor all network shares for known ransomware file extensions (for example .locky) and shut down the shares as soon as such files are detected. Shutting down file shares at any time is disruptive, but it is generally considered acceptable compared with the alternative of having the data on the shares encrypted.
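One way to implement the FSRM file screen and share shutdown described above, as an added example that is not Southern Solutions' own script. It assumes the FSRM role service is installed, that user shares live under D:\Shares, and that a responder script can be written to C:\FsrmResponse; the extension list is a constructed sample and must be kept current.

```powershell
# Added example, not code from the original post. Assumes Windows Server with the
# FSRM role installed and an administrative session. Paths and the extension
# list are assumptions / constructed samples.
#Requires -RunAsAdministrator
Import-Module FileServerResourceManager

$screenedPath  = 'D:\Shares'                          # assumption
$responderPath = 'C:\FsrmResponse\Disable-Shares.ps1' # assumption
$groupName     = 'Ransomware Extensions'
# Constructed sample; real deployments maintain a much longer, regularly updated list.
$extensions    = @('*.locky', '*.encrypted', '*.crypt', '*.cryptolocker')

# 1. Responder script, written out by this setup. FSRM runs it as LocalSystem when a
#    screened extension is seen: it logs the hit, removes every user-facing SMB share
#    so the encryption cannot spread further across the server, and closes the
#    offending user's sessions.
New-Item -ItemType Directory -Path (Split-Path $responderPath) -Force | Out-Null
New-EventLog -LogName Application -Source 'RansomwareResponder' -ErrorAction SilentlyContinue
@'
param([string]$Offender, [string]$File)
$msg = "Ransomware extension detected in $File written by $Offender; taking shares offline."
Write-EventLog -LogName Application -Source 'RansomwareResponder' -EventId 1000 -EntryType Error -Message $msg
# Administrative shares (C$, ADMIN$, IPC$) are "special" and are left in place.
Get-SmbShare -Special $false | Remove-SmbShare -Force
Get-SmbSession | Where-Object { $_.ClientUserName -eq $Offender } | Close-SmbSession -Force
'@ | Set-Content -Path $responderPath -Encoding ASCII

# 2. File group holding the extension patterns FSRM should watch for.
New-FsrmFileGroup -Name $groupName -IncludePattern $extensions | Out-Null

# 3. Notification actions: an Application-log event plus the responder command.
#    [Source Io Owner] and [Source File Path] are FSRM's own substitution variables.
$eventAction = New-FsrmAction -Type Event -EventType Error `
    -Body 'User [Source Io Owner] wrote [Source File Path]; ransomware extension matched.'
$cmdAction = New-FsrmAction -Type Command `
    -Command 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' `
    -CommandParameters "-NoProfile -ExecutionPolicy Bypass -File `"$responderPath`" -Offender `"[Source Io Owner]`" -File `"[Source File Path]`"" `
    -SecurityLevel LocalSystem

# 4. Active file screen: the write of a screened extension is refused and the
#    notifications fire, so the responder runs on the first encrypted file.
New-FsrmFileScreen -Path $screenedPath -IncludeGroup $groupName -Active `
    -Notification @($eventAction, $cmdAction) | Out-Null

# 5. Confirm the screen is in place.
Get-FsrmFileScreen -Path $screenedPath
```

Before relying on this, test it from an ordinary user account by creating an empty file with one of the screened extensions on a test share and confirming that the write is refused, the Application-log entry appears, and the shares disappear. Restoring the shares afterwards is a manual step by design, since someone should look at the server before users get write access again.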
We recommend partnering with a global DNS provider to prevent the malware from contacting its central (command-and-control) servers. If the malware cannot “call home”, it will never begin the encryption process, even if a computer is infected. We partner with a known anti-malware DNS provider, OpenDNS by Cisco, which is considered the leader in the industry.
The single most important part of recovering from data loss is frequent, successful, and verified backups. All of the prevention steps above help guard against these attacks, but there are many other situations that require having your data backed up offsite, including hardware failure, natural disaster, fire, or even disgruntled employees. We provide a redundant, offsite, secure backup solution to our customers at a very competitive rate without sending your data into the cloud. Because we host the backup solution ourselves, we control the servers, so if there is ever a question of where your data is, we can point you to them. For more information on our Redundant Offsite Backup Solution, click here.
Southern Solutions provides Managed Network Services & IT Support to more than fifty small businesses, non-profits and religious organizations in Southern Maryland. We specialize in proactive support and provide both onsite and remote assistance, covering virtual servers, cloud services, security services, IT staffing services, network design and wireless networks. For additional information, click here.
Contact us for more information.