We still run into business owners who have not experienced or heard of a ransomware attack, so we thought now would be a good time to go over what the virus is, how it acts and the steps that Peak Technology takes to protect clients. For small businesses, the damage from becoming a victim of a crypto-ransomware attack could put them out of business.
What is Ransomware
The virus propagates via infected email attachments: phishing emails contain a zipped attachment with malicious JavaScript that downloads the payload to the computer of the person who clicked on the attachment.
email example with malicious attachment
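As an added illustration of the delivery vector described above (not code from Peak Technology or from any vendor named on this page), the following Python example shows how a mail filter could flag script files inside a zipped attachment, including archives nested inside archives. The extension list, the depth and size limits, and the sample file names are assumptions constructed for the example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions that Windows will run as scripts on double-click.
# The list is an assumption for this example; tune it to your mail policy.
SCRIPT_EXTS = {".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe", ".hta"}
MAX_DEPTH = 3  # stop unpacking nested archives beyond this depth
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # do not inflate huge members (zip bombs)


def risky_members(data: bytes, depth: int = 0, prefix: str = "") -> list[str]:
    """Return paths of script files inside a zip attachment, following nested zips."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [prefix + "<unreadable archive>"]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            # Only the final extension counts, so "scan.pdf.js" is a script.
            ext = PurePosixPath(info.filename.lower()).suffix
            if ext in SCRIPT_EXTS:
                findings.append(path)
            elif ext == ".zip":
                if depth + 1 >= MAX_DEPTH or info.file_size > MAX_MEMBER_BYTES:
                    findings.append(path + " <not inspected>")
                elif info.flag_bits & 0x1:  # member is password-protected
                    findings.append(path + " <encrypted>")
                else:
                    findings += risky_members(archive.read(info), depth + 1, path + "!")
    return findings


def build_zip(files: dict[str, bytes]) -> bytes:
    """Build an in-memory zip for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in files.items():
            z.writestr(name, body)
    return buf.getvalue()


# Constructed samples: harmless placeholder content, only the names matter.
CLEAN = build_zip({"report.pdf": b"%PDF-1.4", "notes.txt": b"hello"})
INNER = build_zip({"scan_0042.pdf.js": b"// placeholder"})
SUSPECT = build_zip({"readme.txt": b"see attached", "docs/invoice.zip": INNER})
```

Calling `risky_members(SUSPECT)` reports the nested script by its full path, while archives that are unreadable, encrypted or nested too deeply are reported rather than silently passed.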
How Crypto-Ransomware Acts
Once the malware payload is downloaded, the user’s local files, connected thumb drives, external storage devices and mapped network drives become encrypted. The malware then displays a message offering to decrypt the data with special software that can only be purchased using bitcoins, an almost untraceable digital currency, by a certain deadline. The longer you wait to pay the bad guys, the higher the cost to decrypt your files becomes. Even if you pay the ransom, there is no guarantee that your encrypted files will be restored.
example of encrypted file
decrypt instructions
Mitigation
If your company is unfortunate enough to encounter this type of infection, below are a few steps to start the remediation process.
- Isolate the infected PC immediately (disconnect the network cable) to stop any further damage.
- Contact your IT consultant to assist with any clean-up activities and ensure the virus has been completely removed. Depending on how long the infection was running for, the clean-up could take hours or days, if you had a proper backup plan. Unfortunately, any data that was not backed up properly will stay encrypted.
- Notify other employees, if appropriate.
How Peak Technology protects its clients from Crypto-Ransomware attacks
Endpoint protection
Modern threats use multiple vectors to attack, from malicious email attachments to infected web ads to phishing sites. Unfortunately, traditional anti-virus software uses a signature-based protection method. This approach only protects end users once the threat is known, and only after the vendor has created a signature and it has been updated on the endpoint, which is often too late.
Peak Technology is a certified partner of Webroot Business Endpoint Security. Webroot offers a unique security approach that protects against threats across numerous vectors, including email, web browsing, file attachments, hyperlinks, display ads, social media apps, and connected devices like USB drives. Webroot effectively stops malware and zero-day threats at the moment of the attack. Because SecureAnywhere Business Endpoint Protection is fully cloud-based, there are no definitions or signatures to deploy and manage. Malware detection occurs continuously in real time.
Email Security
Email continues to be a primary communication channel, which makes it one of the most frequently exploited threat vectors. Email-borne data breaches, data leaks, business disruptions as well as compliance and litigation searches cost money and reputation. 91% of hacks started with a targeted email attack, from highly sophisticated phishing campaigns, targeted zero-hour attacks and data theft targeted at risky user behavior.
Peak Technology chose to partner with Barracuda to protect its clients from complicated email threats. Backed by Barracuda Central, with over 170,000 active sites reporting threat intelligence across all potential vectors, Advanced Threat Protection (ATP) by Barracuda combines behavioral, heuristic, and sandboxing technologies to protect against zero-hour, targeted attacks and ransomware variants like Locky and CryptoLocker. ATP automatically scans email attachments in real time; suspicious attachments are detonated in a sandbox environment to observe behavior. Link protection redirects suspicious URLs so malware is never inadvertently downloaded by recipients.
Backup
Delivering availability for physical and cloud-based servers, workstations and remote workforces is a challenge for any organization. Everyday occurrences such as lapses in connectivity, hardware failures, file corruption, ransomware and theft can leave an organization’s data at risk.
Peak Technology is a Registered Pro Partner of Veeam Backup software. The Veeam Availability Suite provides The Veeam Agent for Microsoft Windows delivers new functionality for physical and cloud-based servers and workstations which leverages the hybrid cloud for backup and recovery, including:
- Enterprise-level backup and recovery: Get complete protection for workstations as well as physical and virtual servers
- Cloud-based backup and recovery: Back up directly to a Veeam Cloud Connect repository
Veeam has multiple options to assist your company, but a network assessment would be required to determine which solution works best for your environment.
Backup, a spam filter and a strong anti-virus are just the first barriers of defense Peak Technology uses to protect its clients. There are multiple other best practices that need to be implemented network-wide, including teaching end users the proper way to handle potential threats.
If you would like to discuss how Peak Technology can help protect your business give us a call or send us an email.