The last few days has seen various items in the media in relation to ransomware and how it has affected IT systems. Colm Whelan from Rockfield IT, has briefed us on what you need to know and do to help protect your organisation.
By now, you are probably aware of the computer virus known as Wannacry or WannaCrypt0r which has caused havoc in businesses and organisations worldwide over the past few days. It is important to realise that it’s not just large companies and organisations that have been affected by the ransomware. Ransomware has the ability to affect PCs in companies of all sizes. This ransomware attack appears to be random and not targeted so can infect any PC in any location. It is vital that all PC users are extra vigilant to ensure they don’t become a victim of this vicious virus.
What do you need to know?
- The virus can easily infect machines running operating systems Windows Vista and Windows XP as they no longer receive Microsoft security updates
- It can also infect newer PCs if
- The latest Windows updates haven’t been installed
- If you have blocked automatic Windows updates
- If you accidentally or unknowingly click on links within malicious emails. This is the main method through which the ransomware is being spread
- Security software is not up to date and running properly
How do I protect my business?
- Make sure your staff are aware that you should never click on links or open attachments in any email unless you are 100% sure that the email is authentic and safe
- Malicious emails can be made to appear as if they originate from a company known to you or can even appear to be from within your own company. Please exercise caution when opening any email attachment or following a link contained within an email, even if the email appears to come from a known source
- Beware of USB drives as an infection can be spread by plugging in an already infected USB drive to your computer
- Open Wi-Fi networks can allow an external party to connect to your Wi-Fi and infect your network
- The best way to decrease your chances of a malware infection is through a multi-layered approach to security
- Always ensure you install the latest software patches for Windows and ALL other applications
- Ensure your virus and security solution is up to date
- Add extra layers of security to email such as DNS and content filtering
- Ensure your critical data is backed up to multiple locations. Ransomware will infect any device that is attached to the PC so an offsite or online backup solution is the safest option.
- Never download programs from suspicious sites or install software that you are unsure of. Only ever install software from the developer’s website.
- On no account, should you use Peer-to-Peer file sharing software (e.g. BitTorrent etc.)
- Know that, even with all the above and more in place you could still be infected if you’re not vigilant, so never click on links or open attachments in emails unless you are 100% sure it is authentic and safe
- If you use SharePoint/OneDrive for Business/Box Sync/Dropbox or similar you should consider whether or not you really need to sync all of your files to your computer. If they are synced and your PC becomes infected then the malware will encrypt those files and upload them to the cloud. Cloud file sharing isn’t the same as a decent backup solution.
What if I get infected?
- Turn off the infected device immediately (hold down the power button for 5-10 seconds until all lights go out) and disconnect it from your network if it’s on a cabled connection
- Warn other users in your office to be extra vigilant, if possible disconnect the other PCs from the network as well
- Call us as soon as you can. If needed leave a clear message with a contact number. We will call you back as soon as we can.
- It is possible that the only way to recover your files will be from an backup. If you do have a local backup DO NOT attach it to the infected PC as the backup may then become infected in turn. If you use SharePoint/OneDrive for Business/Box Sync/Dropbox, ensure you stop synchronising immediately (by turning your computer off straight away) and use a web browser from an unaffected device to check for any recently updated files. If needed you should be able to restore the previous version.
- DO NOT PAY THE RANSOM UNTIL YOU HAVE SPOKEN TO US AND WE ARE 100% SURE THAT YOU CANNOT RECOVER YOUR DATA BY ANY OTHER MEANS. Paying the ransom just makes the “business model” work for the authors.
What can we do to help avoid this in future?
- The best prevention is done through layers of security including
- Staff and user education. Knowledgeable and aware people are your best defence
- DNS Filtering for web and email
- A secure gateway device at the entry to your local network
- Antivirus on every PC and server
- Antimalware on every PC and server
- Backups – including offsite
- If you don’t use Windows, you are still at risk to malware and ransomware. Historically, Macs were ‘safe’ because their small market shared made them less of a target. As their use has increased, they have become a more attractive target for malware writers. There are now many malware threats that specifically target Macs. Tablets and smart phones are not immune to malware either, so be vigilant on all your devices.
If you have any questions please let me know (ideally by email in the first instance unless you think that you’re infected, in which case call).
And finally, DON’T panic but DO careful!
Colm Whelan at Rockfield IT may be contacted at:
Unit 5 Castle Hill Business Centre, Castle Hill, Carlow, RD93 XD72 Ireland
Tel: +353 (0) 59 9158008