Sensitive Data & Protection Against Ransomware In Small Business
In 2013 there were only 2 types of ransomware. By mid-2015 there were 9 variants. In 2016, ransomware continues to grow and evolve, with new variants in circulation that use more sophisticated encryption and file destruction methods.
Until now, cyber criminals have been randomly testing their ransomware exploit kits. 2016 trends point to a possible new direction for these hackers: the data-intensive business. This includes medical practices, hospitals, and the financial services and legal services industries.
The Evolution Of Malware And The Type Of Business It Will Focus On Next
Trends show a trail of attacks against hospitals and financial services firms throughout the year. Security analysts speculate that these industries will be heavily targeted moving forward.
By targeting data-intensive industries, digital criminals can maximize their ROI. The reasoning is that the data of a sensitive industry is worth more than, say, the data of a creative design agency or a window cleaning company. Thus, higher ransom fees would likely be paid for decryption keys.
To promote faster payment of ransoms, some new ransomware strains have more advanced file destruction features built in. For example, one variant called “Jigsaw” will begin to randomly destroy a set number of files if you try to reboot your computer, or if you fail to pay the ransom within a certain time frame.
The ransom is demanded in a digital, difficult-to-trace currency such as Bitcoin. This adds more risk to business owners because the process of setting up a Bitcoin account can take upwards of a week. In the meantime, this ransomware strain could be destroying a large number of files. If you are a hospital, medical practice or legal firm losing data every few hours, the losses can add up quickly.
(Update: Jigsaw can now be decrypted for free; however, new strains emerge regularly. With TeslaCrypt, it was years before free decryption was possible, and then only when the hackers archived the particular malware and released the decryption key.)
No one is too big or too small to be hacked. New hackers and new exploit kits are often tested randomly. Our team at TUCU has hands-on experience assisting small businesses such as a salon and a professional office, as well as individual home users who have faced ransomware infection. Anyone can be infected intentionally or inadvertently. Protect yourself by implementing the recommended computer and network security measures outlined below. If you are unable to execute these security improvements yourself, hire professional help.
Protection Against Ransomware In Your Small Business
Regularly back up data and test your backups to ensure you can recover from them.
Use secure backup. This means your backup is not connected to your computers or network.
If you are using cloud-based backup, avoid persistent synchronization methods, as they can be locked by some ransomware variants (this includes software such as Dropbox, Google Drive and OneDrive).
Do not open any attachments from unknown senders.
Inspect the URLs of any links inside the email body before clicking on them.
Avoid CEO phishing by confirming any out of the ordinary requests received from what appears to be a CEO, president or managing partner in your company. Do not reply to the out of the ordinary email. Instead confirm the request through a new email you initiate, or by phone, or in person.
Basic Computer Security
Limit access. All computers in your office should run on a standard user profile, separate from the default admin profile. This limits functions such as unknowingly installing software, including malware and ransomware on your computers.
Consider assigning an administrator password for all stations, which is only given to your IT employee or outsourced IT services company who can safely install new software for you as needed. This limits risk of infection by clicking bad links in phishing emails attempting to install malware on your computers.
Never download software from unknown sites.
Be highly critical of free software.
Ensure all computers are updated every week. All internet browser, software and operating system updates must be regularly installed to patch security holes and limit the risk of your computers being infected.
Disable macro scripts and consider using Office Viewer software to open Microsoft files received via email from clients and vendors. Infections can come from known senders as well.
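To support the macro advice above, received Office files can be checked for macro content before anyone opens them. The sketch below is an added example, not code from TUCU: it classifies attachments by their contents rather than their file extension, and the function names and sample attachments are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container

def classify_office_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy', 'no-macro' or 'not-office' for attachment bytes."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can carry macros; this check cannot rule them out.
        return "legacy"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = [n.lower() for n in z.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"
    # Macro-enabled OOXML files store their VBA project in a vbaProject.bin part.
    if any(n.endswith("vbaproject.bin") for n in names):
        return "macro"
    return "no-macro"

def make_sample(parts):
    """Build a constructed, minimal OOXML-like zip in memory (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in parts:
            z.writestr(name, b"constructed sample")
    return buf.getvalue()

def triage(attachments):
    """Map filename -> verdict, decided from the bytes and not the extension."""
    return {name: classify_office_attachment(data)
            for name, data in attachments.items()}

# Constructed sample attachments.
SAMPLES = {
    "quote.docx": make_sample(["[Content_Types].xml", "word/document.xml"]),
    "invoice.docm": make_sample(["[Content_Types].xml", "word/document.xml",
                                 "word/vbaProject.bin"]),
    "old_report.doc": OLE_MAGIC + b"\x00" * 64,
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name}: {verdict}")
```

Files reported as "macro" or "legacy" are the ones to open in a viewer or hand to your IT provider.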
Advanced Network Security
Install a commercial grade firewall with active web filtering.
Categorize data and limit risk via physical segregation. For example, for a small business, have a separate computer for managing your financial documents which is entirely separated from all other computers you use for daily email and web browsing activity. For sensitive data, consider a separate network, server or virtual machine, completely segregated from your daily email environment.
Consider application whitelisting for all your environments or for your separated, sensitive networks and servers.
Share this post with your team during your next team meeting. Regularly discussing cyber threats improves user knowledge and awareness and reduces risk. Human behaviour and lack of knowledge are the leading contributors to the success of phishing attacks.
If you do not have a trained IT professional on staff, hire a small business IT Services provider to assist you.
TUCU is an IT support company in Toronto and the GTA. If you would like to have your network security assessed, or need help with any aspect of your technology, please call us today. During your free consultation, your IT consultant will review your needs and provide specific recommendations to help you with your technology needs and business continuity.