By now, you’ve certainly heard of Cryptolocker. And Cryptowall. And CTB-Locker. And probably Teslacrypt. Hopefully, you’ve not fallen victim to these awful ransomware variants. They’re nasty, malicious software designed to extort money from your business. Ransomware programs infect your computers, encrypt your files so that they become unusable, then demand a ransom in exchange for the decryption service.
Typically, the extorted money is paid to the attacker using a Bitcoin exchange. Bitcoin is a digital currency that is anonymous, protecting the attacker and placing the victim entirely at their mercy.
New variants of the original Cryptolocker just seem to keep showing up, and small businesses spend thousands, sometimes tens of thousands, recovering from the damage they wreak. A ransomware like Cryptolocker is the digital equivalent of a tornado–except the bad guys have the power to control the weather.
What’s worse, the newest ransomware variants spread very quickly, usually through e-mail and the web, so quickly that anti-malware programs don’t always have the measures needed to recognize them when they first hit the Net.
By some estimates, ransoms are earning the criminal programmers as much as 25 million dollars every month. But your business doesn’t need to be a victim of these destructive agents. In fact, we can show you how to harden your business against threats like Cryptolocker and its nasty cousins. The key to beating these guys is good old-fashioned best practices: those who operate their networks and computer systems according to best practices simply don’t have to contend with ransomware.
That’s right. It’s not about anti-virus software. It’s not about firewalls. It’s not even about backup cartridges or shadow copies. If you don’t have a policy of best practices in place, these tools will be useless. The cure to all ransomware is prevention–specifically, prevention through best practices.
So what are best practices on a small/medium business network? Let’s quickly go over my three favorites:
1. Don’t allow network users to run as local administrators. Granting a rank-and-file network user privileged access to their computer system (that is, making them an administrator on it) might give them more freedom and self-reliance, but if you don’t trust their judgment, it also leaves a gaping security hole that ransomware will take advantage of. This is the golden rule of ransomware preparedness: Don’t give local admin access (or network admin access!!) to any users on your system.
2. Don’t grant overly-permissive file access. Once a ransomware attack is underway, the ransomware will be impersonating the user who hatched it (that is, granted it the ability to run, whether intentionally or by being duped by one of those phony FedEx notification emails). That means it will have the same permissions on the local computer and on the network as that particular user. So if that user has permission to a lot of file stores, so does the malware. Files stored on cloud services like OneDrive can even be damaged, if the user has been granted access to them. Minimize file access and compartmentalize file structures by isolating permissions to the fewest users possible–that’s the best practice.
3. Don’t permit the use of stupid passwords on your network. Many malware programs will attempt to penetrate your system by taking advantage of accounts with easy-to-guess passwords. These might be passwords based on a dictionary word, or simple variants of the user’s login name. In order to be resilient against malware, passwords must be complex, long, and not based on real-language words.
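One way to check the second practice on a Windows file server, as an added example that is not part of the original article: the script lists top-level folders whose NTFS permissions let a broad group (Everyone, Authenticated Users, Users, Domain Users) write or delete, which is exactly the reach ransomware inherits from any one user. The folder path `D:\Shares` and the names `$Root` and `Get-BroadName` are assumptions made for illustration.

```powershell
# Added example, not from the original article. $Root is a hypothetical path.
param([string]$Root = 'D:\Shares')

# Well-known SIDs of groups that contain most or all users.
$Broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-BroadName([string]$Sid) {
    if ($Broad.ContainsKey($Sid)) { return $Broad[$Sid] }
    # Domain Users is <domain SID>-513; the domain part differs per network.
    if ($Sid -match '^S-1-5-21-[\d-]+-513$') { return 'Domain Users' }
    return $null
}

# Rights that let a process overwrite, delete, or re-permission files.
$Write = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_ALL and GENERIC_WRITE, which some ACEs carry unmapped.
$Generic = 0x10000000 -bor 0x40000000

Get-ChildItem -LiteralPath $Root -Directory | ForEach-Object {
    $path  = $_.FullName
    $acl   = Get-Acl -LiteralPath $path
    # Ask for SIDs rather than names so the match works on any locale.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $name = Get-BroadName $ace.IdentityReference.Value
        if (-not $name) { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band $Write) -or ($rights -band $Generic)) {
            [pscustomobject]@{
                Path      = $path
                Principal = $name
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}
```

Each row returned is a folder that any compromised account in that group could encrypt. The script reads NTFS permissions only, so share-level permissions need a separate check.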
These three bits of best practice advice are a good start if you’re trying to correct your business’s lazy posture regarding malware–but they just represent the tip of the iceberg. An organization that executes network/computing best practices from top to bottom and from bow to stern will never suffer from the devastation of crypto-ransomware.
Best Technology can help you with best practices right now, so give us a call.