Piscitelli warns of the dangers of Ransomware in his latest post, “Pay up, or never see your files again!”, outlining this ominous threat to your company’s files, but offering ways to ward off the bad guys.

Working at FeneTech, I have an opportunity to see a lot of different networks and work with IT professionals with varying degrees of expertise. It’s an awesome experience and I’ve learned a lot from individuals all over the world. There is a massive threat to any network that has any seasoned IT professional concerned. If you haven’t heard of it, you should really pay attention.

Most malware in the past would simply turn your computer into a zombie slave and force it into a botnet, or try to gather as much personal information as possible for identity theft. Ransomware is much more nefarious and is becoming an increasing and dangerous threat. Ransomware works by encrypting all of the files on the network with a key. The files can’t be accessed without the key. In order to get the key, you have to pay anywhere from $500 to $50,000. Sometimes they send you the key, sometimes they don’t.

I’ve read or heard enough horror stories from ransomware, but have had the fortune of not dealing with it up close. During a recent visit, one of my customers got hit with ransomware. This particular ransomware didn’t just hit mapped drives, it looked at all network shares that the customer had connected to. This meant even the order attachments and machine interface files were encrypted, as well as any other shared network folders for their other business files. The IT staff was able to get the files restored from backups. They were lucky.

Being able to be part of the forensic analysis, I was able to conclude with their IT personnel that this all started because an order entry employee opened up an email attachment containing the ransomware. However, it would be a mistake to reprimand the order entry person. The email looked innocent enough, and could have been a legitimate customer’s order. The customer had competent IT staff who were running well-known anti-virus software on all of their computers, but it did not stop the ransomware.

Submitting the ransomware to be analyzed against known viruses showed that only two out of 57 leading virus databases would have detected it. In other words, having Symantec, Trend, Microsoft Endpoint, AVG, MalwareBytes, or Kaspersky installed on the machine wouldn’t have helped in this instance. None of their databases detected the ransomware as a virus. Not to say that there is anything wrong with their software, but it’s important to understand that no protection can stop everything.

There is another methodology that can be used to prevent ransomware, as well as some other viruses. You can do this by preventing executable files from running in the folders where viruses and other malware like to reside. Unlike a traditional antivirus, this methodology isn’t continuously running, using up CPU and RAM resources to scan files when they are loaded. CryptoPrevent is a piece of software that you can run on your machine to easily lock down these folders. Their free version will allow you to lock down the most commonly abused folders. One note of caution: this will prevent any executable from running, regardless of whether it’s good or bad. This means that some legitimate software updates will fail to run (usually with an error message). You would simply need to disable the protection any time that you needed to update that particular software.

Even with the above tactics, ransomware isn’t entirely preventable. The best strategy is to ensure you have frequent backups that are taken offline. Backing your files up to your external hard drive doesn’t do much good if the external hard drive is constantly connected. Ransomware will simply infect the backups. The backup media needs to be “air-gapped” or physically disconnected in order to be protected. Alternatively, cloud services are becoming more and more popular for backup, but versioning capabilities are most important. If you’re syncing your files to the cloud without versioning, the encrypted files will overwrite the good copies during the next cloud sync.
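The folder lockdown described in the article blocks by location, not by whether a file is good or bad, so it helps to dry-run the rules against launches you have already observed and see which legitimate updaters would need the protection lifted. The sketch below is an added example, not code from the article or from CryptoPrevent; the folder patterns, executable suffixes and sample launches are assumptions constructed for illustration.

```python
import fnmatch
from pathlib import PureWindowsPath

# Assumed lockdown rules (the article names no folders): user-writable
# locations, written as case-insensitive globs over the full path.
DENY_FOLDERS = [
    r"C:\Users\*\AppData\Roaming\*",
    r"C:\Users\*\AppData\Local\Temp\*",
]
EXEC_SUFFIXES = {".exe", ".scr", ".com", ".pif"}  # assumed executable types

# Constructed sample of process launches: (image path, operator's note).
LAUNCHES = [
    (r"C:\Program Files\Vendor\app.exe", "installed application"),
    (r"C:\Users\order1\AppData\Local\Temp\setup_update.exe", "legitimate updater"),
    (r"C:\Users\order1\AppData\Roaming\invoice.PDF.EXE", "opened email attachment"),
    (r"C:\Users\order1\AppData\Roaming\notes.txt", "data file"),
]

def is_blocked(image_path):
    """True if a location rule would stop this file from executing."""
    p = PureWindowsPath(image_path)
    # Only the final suffix counts, so "invoice.PDF.EXE" is an executable.
    if p.suffix.lower() not in EXEC_SUFFIXES:
        return False
    full = str(p).lower()
    # fnmatch's "*" also crosses backslashes, so subfolders are covered too.
    return any(fnmatch.fnmatchcase(full, rule.lower()) for rule in DENY_FOLDERS)

def dry_run(launches):
    """Split launches into (blocked, allowed) without enforcing anything."""
    blocked = [(path, note) for path, note in launches if is_blocked(path)]
    allowed = [(path, note) for path, note in launches if not is_blocked(path)]
    return blocked, allowed

if __name__ == "__main__":
    blocked, allowed = dry_run(LAUNCHES)
    for path, note in blocked:
        print(f"BLOCKED  {path}  ({note})")
    for path, note in allowed:
        print(f"allowed  {path}  ({note})")
```

Both the updater and the attachment land in the blocked list, which is the trade-off the article warns about: every blocked entry that is legitimate is an update that will fail until the protection is disabled for it.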