Technology

How to Prevent Ransomware: Follow These Four Tips

By / Mar 22, 2016 (Associations Now illustration)

The recent rise of ransomware as a threat to the enterprise, a potentially costly one that could put your nonprofit on the hook for a hacker’s large, unexpected bill, is something no IT executive should ignore. Here’s how to prevent ransomware from taking over your association’s file systems. (Long story short: It comes down to preparation and planning.)

Ransomware—a malware variant that encrypts files and requires payment of hundreds or thousands of dollars to remove the encryption—is not something to mess around with.

Unlike in the Cold War-era blockbuster WarGames, no global thermonuclear war is involved (certainly a plus), but the next worst thing is generally at stake—cold, hard cash, often requested in untraceable forms of currency like bitcoin.

And this cybercrime is becoming harder than ever to ignore. In recent months ransomware attacks have hit school districts, hospitals, charitable nonprofits, and numerous businesses, large and small.

Even more disturbing is that cyberattackers are getting more ambitious and increasingly clever about their strategies. Earlier this month ads filled with malicious JavaScript-based software were plugged into ad networks used by some major news websites, meaning that, for a short while, reading The New York Times online could put you in as much danger of installing ransomware as reading The Pirate Bay.

The most recent attacks were well-planned, apparently taking advantage of an online marketer’s vacated domain name to distribute malicious malware to legitimate sites.

“We are currently seeing extraordinarily huge volumes of JavaScript attachments being spammed out, which, if clicked on by users, lead to the download of a ransomware,” the security firm TrustLabs warned, after the ad attacks hit. “Ransomware encrypts data on a hard drive and then demands payment from the victim for the key to decrypt the data.”

There are many varieties of ransomware out there. CryptoLocker, the grandaddy of them all, is infamous, but more recent variants, such as TeslaCrypt, are no joke. In fact, TeslaCrypt’s high level of encryption may make this ransomware near impossible to get around, even with a cleaning tool.

There’s even one reported case of Mac ransomware, though KeRanger was caught before it managed to spread significantly.

Wondering how to prevent ransomware from ruining your organization’s computers or networks? A few points of advice below:

Back up your data—frequently. If your files are valuable enough that ransomware could cause a major disruption in your work, it’s a good idea to make sure those files exist somewhere else that cybercriminals couldn’t easily access—say, on an external hard drive that isn’t directly connected to the network. Removing the ransomware will still be a pain, but the threat of encryption becomes an empty threat if you have a backup of your files handy.

Be mindful of file permissions. Ransomware can have negative effects on a network level, and that means file servers that you rely on may be susceptible to encryption-based attacks. For systems administrators, the best defense, and one recommended by the security firm Sophos, is to limit file-permission access as much as possible, ensuring that files can’t be rewritten by lower-level employees—or by malware that is working with those employees’ level of access. “So, any file, on any drive letter or network share, that you can locate and access with a program such as Windows Explorer can be located and accessed by CryptoLocker,” the firm’s Naked Security blog explains. “That includes USB drives, network file shares, and even cloud storage folders that are made to appear as a drive letters by special software drivers.”

Vet your cloud provider. Just because cloud services aren’t directly hooked up to your network doesn’t mean they aren’t at risk. Earlier this year security journalist Brian Krebs described a ransomware attack that hurt a business that was using a cloud provider. The attack, which involved an earlier version of TeslaCrypt that was easier to defeat, nonetheless put the company in a challenging situation because it took nearly a week for the cloud provider to restore the hijacked files. Services like Dropbox make it possible to bounce back from encryption losses by allowing users to restore previous versions of files. And when doing your due diligence, make sure you understand how your cloud provider can protect your data and recover it in case of a malicious attack.

Keep your employees mindful of risks. Many technical problems have human roots, and the spread of ransomware definitely speaks to that. The example that Krebs highlighted came about after a user opened an email attachment that was alleged to be an invoice. (It wasn’t.) One of the most important ways for IT staff to prevent a situation like this is by providing proper training. Like a spilled glass of milk, it’s much easier and cheaper to prevent a disaster than it is to clean one up, and there’s less broken glass to deal with, too.

Has your association dealt with any ransomware headaches? Any war stories? Share your thoughts in the comments below.

Ernie Smith

Ernie Smith is the social media journalist for Associations Now, a former newspaper guy, and a man who is dangerous when armed with a good pun. More »

Comments

Leave a Comment