If you’ve watched the news lately you will see ransomware, ransomware, ransomware all over the place. Some of you may ask: what is ransomware? Ransomware is simply a program that encrypts your hard drive and/or files and asks for a sum of money in return for a decryption key. Ransomware can spread very easily and can cripple a network in a matter of minutes, if not seconds.
How To Defend Short Version
Literally the short way to defend against ransomware is to simply follow best practices.
Well if you made it this far, I guess you really want to know what you can do to help yourself and your organization. Here is a list:
1. Train Everyone – Training is essential. Every employee of your organization needs at the very least awareness training. They need to know how to spot hazards and how to avoid them. Please include higher-ups such as the CEO and other non-technical management staff in your training because they will be vulnerable to spear phishing attacks.
2. Install and Keep Your Anti-Virus Updated – In this day and age people still avoid updating their anti-virus and some, even worse, have none at all. This puts you and your organization at serious risk. Ransomware can also infect your mobile devices, from phones to tablets, so get to it. Some protection is better than none.
3. Stay Away From Sketchy Websites – A seasoned internet user may not fall for this and some know when to get out because it just doesn’t feel right. For those of you who have trouble identifying sketchy websites you can use an anti-virus such as Avast. It has a feature called Real Site. There is no free version available, but it helps a lot.
4. Don’t Torrent Anything – Many people don’t know this, but a lot of torrents are infected with malware that can do more than encrypt your hard drive and files. Black hat hackers use torrents to secretly steal people’s login information for websites like your bank, PayPal etc.
5. Implement a Paranoid Web Usage Policy – Network administrators: this one is for you. You can do a lot to protect your network. Ban everything except for what are known to be safe sites. Even then you can’t fully protect your network, because legitimate sites whose security is not up to par can become infected and spread malware too. It is also a good idea to set a rule to automatically delete web attachments in email once they hit your server. Email still is and will always be a popular infection vector. As network admins you can hold people accountable if you train them how to recognize and avoid threats. Perform a sting operation. Send out some prank malware, and when they call you for help you say, “You didn’t do what you needed to do.” Make sure you retrain them. Training is essential.
6. Keep Your Systems Updated – Time and time again people just don’t update their PCs, phones and tablets. It’s simple, guys. As a network admin or security professional it is your job to make sure that all the PCs are updated. Remember that Microsoft and other vendors and makers of software release updates that could potentially save you and your organization from disaster.
7. Perform Vulnerability and Penetration Testing – Sometimes you may feel like you’re safe when you really aren’t. If you perform this type of testing on a regular basis you can stay on top of things. It may be costly but would you rather lose a little money or A LOT OF MONEY? Just a little? I thought so.
8. Keep Up With The News – Yes this one might be a little boring but this could be the difference between your company losing millions of dollars or you just losing a few minutes of your time daily.
9. Log Monitoring – This one is hard to do, I must admit. Combing through logs day after day will probably drive anyone insane, but it’s a must. Many hackers try for months or even years to break into a system. If you can notice a pattern like failed admin login attempts after work hours – bingo.
10. Browse Forums – I would never tell anyone to browse the deep web but sometimes black hats know about vulnerabilities and ways to exploit them way before security experts. If you do decide to go there make sure you know what you’re doing but for the average Joe STAY FAR AWAY !!!
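The pattern from item 9 (failed admin logins after work hours) can be checked by a script instead of by eye. The following is an added example, not code from the original post; the log format, the admin account names, the 08:00 to 18:00 weekday hours and the threshold of 3 failures in 10 minutes are all assumptions to adapt to your own logs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions (not from the article): log format, account names, hours, threshold.
ADMIN_ACCOUNTS = {"admin", "administrator", "root"}
WORK_START, WORK_END = 8, 18                   # 08:00-17:59 local, Monday-Friday
THRESHOLD, WINDOW = 3, timedelta(minutes=10)   # 3 failures within 10 minutes

# Constructed sample lines: "<ISO timestamp> <result> user=<name> src=<ip>"
SAMPLE_LOG = """\
2024-03-04T10:15:02 LOGIN_FAILED user=admin src=10.0.0.5
2024-03-04T23:41:10 LOGIN_FAILED user=admin src=203.0.113.7
2024-03-04T23:41:55 LOGIN_FAILED user=admin src=203.0.113.7
2024-03-04T23:43:20 LOGIN_FAILED user=admin src=203.0.113.7
2024-03-05T02:00:00 LOGIN_FAILED user=jsmith src=10.0.0.9
2024-03-09T14:00:00 LOGIN_FAILED user=root src=198.51.100.2
malformed line that should be skipped
"""

def is_after_hours(ts):
    """True on weekends, or outside WORK_START..WORK_END on weekdays."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END)

def parse(line):
    """Return (timestamp, result, user, src), or None for unparseable lines."""
    try:
        stamp, result, user_kv, src_kv = line.split()
        ts = datetime.fromisoformat(stamp)
        user, src = user_kv.split("=", 1)[1], src_kv.split("=", 1)[1]
        return ts, result, user.lower(), src
    except (ValueError, IndexError):
        return None

def find_alerts(log_text):
    """Flag (user, src) pairs that reach THRESHOLD after-hours admin failures in WINDOW."""
    recent = defaultdict(list)   # (user, src) -> timestamps of recent failures
    alerts = []
    for ts, result, user, src in filter(None, map(parse, log_text.splitlines())):
        if result != "LOGIN_FAILED" or user not in ADMIN_ACCOUNTS or not is_after_hours(ts):
            continue
        # Keep only failures still inside the sliding window, then add this one.
        hits = recent[(user, src)] = [t for t in recent[(user, src)] if ts - t <= WINDOW] + [ts]
        if len(hits) == THRESHOLD:   # alert when the count reaches the threshold
            alerts.append((user, src, hits[0], ts))
    return alerts

if __name__ == "__main__":
    for user, src, first, last in find_alerts(SAMPLE_LOG):
        print(f"ALERT {user} from {src}: {THRESHOLD} failed logins {first} -> {last}")
```

On the sample data only the three late-night failures for admin from one source raise an alert; the daytime failure, the non-admin account and the single weekend failure do not.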
No system is ever secure 100% of the time. If you keep up with all that I have mentioned here in this blog you can rest assured that you have a relatively safe system. Remember to be forever a student and keep learning. The more you know, the better you can protect yourself.
Written by Joel Chang, Cyber Security Professional and forever a student of learning (CEH, Security+, Network+)