The number one IT threat facing business today is Cryptolocker (ransomware). It is so dangerous because it will encrypt all files that a user has access to. Imagine the impact on your business if all files stored on network shares and drop boxes were effectively destroyed. The files cannot be recovered unless you pay the ransom and are issued with the unlocking key by the bad guys.
So how can you protect against Cryptolocker? You can’t! All we can do is minimise the risk. Ultimately, if you get an email from Telstra or Australia Post saying to download a file and you go through with it, then you have been deceived into infecting yourself.
So what steps should you take to minimise your risks? We have developed a plan that we are in the process of rolling out to our supported clients. This blog is the start of that process.
- Inform and educate staff about Cryptolocker and how it tricks them.
- Ensure that you have a good imaging backup solution, preferably one that incrementally updates every 15 minutes.
- Ensure that you have an offsite email washing solution, or one that updates itself real-time.
- Install a Unified Threat Management device (UTM). These scan incoming emails and web traffic again. Potentially they can block a nasty that has been clicked on.
- Have a good quality, centrally managed Anti-Virus solution that is deployed to all the PCs.
- Make sure that all computers are fully patched.
- Lock file permissions on PCs so that applications cannot be installed to certain directories.
- Restrict access rights to shared folders/files.
- Alter the inbound MS Exchange transport rules to issue a warning if an email has certain file attachment types.
- Ensure inbound firewall rules will only accept email from your remote email washing service.
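
One way to set up the Exchange transport rule item from the list above, as an added example that is not part of the original post. The rule name, the extension list and the banner wording are assumptions to adjust to your own policy.

```powershell
# Added example: run in the Exchange Management Shell (or an Exchange Online
# PowerShell session). Rule name, extensions and banner text are assumptions.
$ruleName   = 'Warn - risky inbound attachment types'
$extensions = 'exe','scr','js','jse','vbs','wsf','hta','jar','bat','cmd'

$banner = @'
<p style="border:1px solid #c00;padding:6px">
<b>Caution:</b> this message came from outside the organisation and carries an
attachment type often used to deliver ransomware. Do not open it unless you
were expecting it. If unsure, call IT support.</p>
'@

$params = @{
    FromScope                         = 'NotInOrganization'  # inbound mail only
    AttachmentExtensionMatchesWords   = $extensions          # attachment types to flag
    PrependSubject                    = '[CHECK ATTACHMENT] '
    ApplyHtmlDisclaimerLocation       = 'Prepend'            # banner at top of the body
    ApplyHtmlDisclaimerText           = $banner
    ApplyHtmlDisclaimerFallbackAction = 'Wrap'               # still warn if the body cannot be modified
    SetAuditSeverity                  = 'Medium'             # severity written to the message tracking log
    Comments                          = 'Warn users about attachment types commonly used by ransomware.'
}

# Create the rule once; update it in place on later runs.
if (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue) {
    Set-TransportRule -Identity $ruleName @params
} else {
    New-TransportRule -Name $ruleName @params
}

# Confirm what is now configured.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, FromScope, AttachmentExtensionMatchesWords, PrependSubject
```

The rule only warns, so messages are still delivered; the subject tag and banner give staff a visible cue at the moment they decide whether to open the attachment.
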
If, in a moment of temporary insanity, you click on one of these links, then all you can do is get your computer off the network FAST!! Pull the blue cable, pull the power cable, flick the battery out of your laptop and call for help immediately. Ransomware works fast and silently. It works through all the data that your computer can see and makes it useless.
If you have an email that looks a little suspicious, call us to verify. Do not send it around your office for second opinions. The duh factor is a powerful force 🙂