Ransomware is becoming more and more prevalent, and it is one of my greatest concerns for all our contacts, not least because it is so destructive and has evolved in so many directions.
There are email-borne variants, website hacks, and now adverts on legitimate sites like Facebook or any of the others. Small businesses are now being targeted specifically.
Whereas it used to be a straightforward email that would install a program like CryptoLocker, which chewed its way through your data, this is no longer the case.
This still happens, but there are also variants that just install an innocuous dropper that sits and pings in until it is called upon, when it downloads the encryptor.
You can now even buy the rights to install this ransomware on the open internet: the operators install this dropper on 10,000 machines and sell the rights to exploit those droppers.
You can buy on a monthly model, giving you access to so many installs per month, and even have a web console to see how it's going.
There is no 100% fix, apart from cutting the internet, but the best option is layers. Think of it like bulletproof glass: no single sheet can stop a bullet, but multiple sheets can.
Make sure you don't rely on AV alone, as this is ineffective; the main ransomware strains state that they can bypass AV in 3 mins.
Anti-spam filtering, preferably applied before mail gets to the PC, can be effective.
Firewalls can be useful, but again anything that is signature-based is vulnerable.
Often forgotten is training, especially in conjunction with any HR IT training or new employee induction.
We have had one customer who was sent a NatWest bank phishing email, and he rang to say he didn't have a NatWest account, so he had contacted them and told them he was with Barclays and given them those details. Others have said, "My AV said the email contained a virus, so I opened the PDF to see what it was, but it didn't open, so I tried several times, and also sent it to a colleague to see if they had the same problem."
So remind staff to be vigilant, even at home, as these keyloggers can get their webmail logins if they have them.
90% of ransomware is DNS delivered, because of the massive turnover of IP addresses employed to stay ahead of the trackers.
So a good addition is a layer of DNS management, along with keeping passwords secure.
If we can assist with any planning or avoidance, let me know.
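The dropper that "sits and pings in" leaves a trace that a DNS layer can look for: one machine resolving the same name at a steady interval. The sketch below is an added example, not part of the original article; the log format, addresses, domain names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample DNS query log: (epoch seconds, client IP, queried name).
# Addresses and names are made up for illustration.
SAMPLE_LOG = (
    [(1000 + 300 * i + j, "192.0.2.10", "updates.example.net")
     for i, j in enumerate([0, 2, -1, 1, 0, -2, 1, 0])]            # steady ~5 min check-in
    + [(t, "192.0.2.11", "www.example.com")
       for t in (1010, 1025, 1900, 1905, 4000, 4030, 4031, 9000)]  # bursty human browsing
    + [(t, "192.0.2.12", "mail.example.org") for t in (1200, 2400)]  # too few to judge
)

def find_beacons(log, min_queries=6, max_jitter=0.1):
    """Return [(client, name, avg_interval_seconds)] for lookups repeated at a
    near-constant interval. Jitter is stdev/mean of the gaps between queries."""
    times = defaultdict(list)
    for ts, client, name in log:
        # Normalise case and trailing dot so one name is not split into two keys.
        times[(client, name.lower().rstrip("."))].append(ts)
    hits = []
    for (client, name), stamps in times.items():
        if len(stamps) < min_queries:
            continue  # not enough samples to call anything periodic
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((client, name, round(avg)))
    return sorted(hits)

if __name__ == "__main__":
    for client, name, interval in find_beacons(SAMPLE_LOG):
        print(f"{client} looks up {name} about every {interval}s")
```

Legitimate software such as update checkers also polls on a fixed timer, so each hit is a lead to review against known-good names rather than a verdict. A dropper that randomises its sleep time will exceed the jitter threshold, which is why this is one layer among several.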