Yet again a major institution is in the news after being hit with a ransomware attack. This time it is the UK’s largest NHS trust that has fallen victim to hackers. The Telegraph reports that the four hospitals making up Barts Health Trust were hit by a malicious piece of software last week.
Thousands of files were locked by the ransomware, which affected the trust’s Windows XP systems. We have already covered the risks of NHS trusts still using Windows XP, and explained why you need to upgrade if you are still using it. We can now add a further ten top tips to keep your business safe from ransomware attacks.
1. Virus Protection
You need up-to-date virus protection on workstations and servers. Ideally, you should use a cloud-based, monitored solution such as AVG – and not rely on free software for business use. A good virus protection solution is absolutely essential and should be the first thing installed on your computers. Don’t skip any updates and make sure it is allowed to complete its regular scans.
2. Resilient Backup
You need to do complete, separated backups at least once per day. Don’t rely on incremental backups alone: if the backup has been infected, you don’t actually have a backup at all. Separated full daily backups are rotated on a 3 or 4 week cycle. This means you do full backups for each day of the week, with three sets. This gives you 21 full backups at any given time (which may be on DAT tape, cloud backup or another backup system) and allows you to go back 21 days, which should be sufficient to reach a point where your files are no longer affected.
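A sketch of the rotation described above, added here as an example and not part of the original article. It assumes one full backup per night and three sets of seven slots; the slot labels, function names and dates are constructed for illustration.

```python
from datetime import date, timedelta

DAY_NAMES = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

def slot_for(day, sets=3):
    """Media slot a nightly full backup is written to, e.g. 'Set2-Wed'."""
    idx = day.toordinal() - 1              # ordinal 1 (0001-01-01) is a Monday
    return f"Set{(idx // 7) % sets + 1}-{DAY_NAMES[idx % 7]}"

def retained(today, sets=3):
    """Dates of the full backups still held on the morning of `today`, newest first."""
    return [today - timedelta(days=n) for n in range(1, sets * 7 + 1)]

def restore_point(today, infected_on, sets=3):
    """Newest retained backup taken before the infection date.

    Returns (date, slot), or None when every slot has already been
    overwritten with data from after the infection.
    """
    for day in retained(today, sets):
        if day < infected_on:
            return day, slot_for(day, sets)
    return None

if __name__ == "__main__":
    today = date(2017, 1, 20)              # constructed dates
    print(restore_point(today, date(2017, 1, 13)))            # recent infection
    print(restore_point(today, date(2016, 12, 25)))           # dormant too long
    print(restore_point(today, date(2016, 12, 25), sets=4))   # 4 week cycle
```

The second call returns nothing to restore from: an infection that sat unnoticed for longer than the rotation has already reached every slot, which is the case for moving to the 4 week cycle or keeping an additional longer-term copy.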
3. Mail Server Setup
Your mail servers should be set up to filter .exe, .bat, .com and .vbs mime types (file types). If they don’t, this is a significant risk, as these files can carry malicious software and a member of your staff may click on them, infecting your system from within. Take away the temptation and vastly reduce your risks by blocking them altogether.
4. Show hidden ‘known file extensions’
This can be set up by your IT experts. Instead of hiding the end of a filename, which shows the file type, you can force the system to show it. Some cryptolocker viruses have been found to fool you into thinking you are opening a PDF or image file when you are really opening an .exe. For example, the filename image.jpg.exe would ordinarily have the .exe part hidden by the system settings and appear as the harmless-looking image.jpg.
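The checks from tips 3 and 4 combined, as an added example that is not part of the original article: it inspects the attachment names of a constructed message against the four extensions listed in tip 3 and reports what each name looks like with extensions hidden. The decoy list, function names and sample message are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

BLOCKED = {".exe", ".bat", ".com", ".vbs"}           # types listed in tip 3
DECOYS = {".pdf", ".jpg", ".jpeg", ".png", ".gif"}   # assumption: "harmless-looking" types

def inspect_name(filename):
    """Return (verdict, shown_as, reason) for one attachment filename."""
    # Keep the final path component; Windows ignores trailing dots and spaces.
    base = re.split(r"[\\/]", filename)[-1].rstrip(". ")
    stem, dot, last = base.rpartition(".")
    if not dot:
        return ("allow", base, "no extension")
    ext = "." + last.lower()
    # With extensions hidden for registered types, only the stem is displayed.
    if ext not in BLOCKED:
        return ("allow", stem, "type not on block list")
    inner = "." + stem.rpartition(".")[2].lower() if "." in stem else ""
    if inner in DECOYS:
        return ("block", stem, f"{ext} disguised as {inner}")
    return ("block", stem, f"blocked type {ext}")

def scan_message(msg):
    """Inspect every named attachment of an EmailMessage; returns {filename: result}."""
    return {part.get_filename(): inspect_name(part.get_filename())
            for part in msg.iter_attachments() if part.get_filename()}

def sample_message():
    """Constructed test message, not real traffic."""
    msg = EmailMessage()
    msg["Subject"] = "Holiday photos"
    msg.set_content("See attached.")
    for name in ("report.pdf", "image.jpg.exe", "setup.BAT", "notes.txt"):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for name, (verdict, shown_as, reason) in scan_message(sample_message()).items():
        print(f"{verdict:5}  {name:15} shown as {shown_as:10} {reason}")
```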
5. Keep On Top Of Updates
It can be a frustration, we know, but all those updates are downloading for a reason. Make sure all your software is up to date and patched: this includes operating systems and applications such as Microsoft Office. If your system asks for a restart, let it do so in order to keep the system secure. The same applies to server environments. The restarts and installations may be configured to happen at times of low usage or overnight.
6. Use Official Software
Never use cracked or pirated software. As well as the obvious issues of copyright infringement, cracked programmes often have hidden malware included in them. This may not be a cryptolocker directly, but it may be something that can be used as a trojan horse to gain access to your systems and implement a ransomware attack. Such attacks can happen months or even years after the system becomes infected, by which time it is too late for you to recover.
7. System Setup
Disable running of files from AppData and LocalAppData folders. This can be easily done from within Windows and prevents one of the most common sources of malware infection.
8. Think Before Clicking Links
Do not open links sent via SMS messages to mobile devices. These will almost certainly lead you to a malicious site if you do not know the sender, and criminals can now hack the SMS system to impersonate real senders. We are seeing an increase in the number of attacks being launched through mobile devices, which can be an insecure backdoor right into your mail server and therefore your corporate network.
9. Use User Accounts Wisely
Do not use your Windows PC with Administrator privileges. Limit your user accounts’ privileges and set up user accounts for each separate user. It is quick and simple to set up a user account with no privileges to install software, and this is your first line of protection against malware. You should only access the system as an administrator in order to amend system settings or install software. Admin access should be restricted to those who need it, perhaps only your IT department, and should not be used as the default user account under any circumstances.
10. Implement Traffic filtering on your firewall
Your firewall is a line of defence against attackers from outside your network but can also be used to prevent internal users from misbehaving. By implementing traffic filtering you can dictate exactly what kind of data should be coming in and out of your network, and get an early heads up if something is not as it should be. It can also prevent malware from ‘phoning home’, which can keep you safe while you have the infection removed.
If you suspect that you have a virus of any kind, immediately disconnect your machine from your network, remove the ethernet cable and disable wifi. If you are attacked, make sure you find where the breach happened: there is no point in just restoring a backup only to have it immediately infected again.
Digitalquill: Ransomware removal experts
Digitalquill are experts in removing and preventing malware and ransomware. For more information, call us on 01482 424402 or email email@example.com.