[ Thursday, July 21, 2016 ]
Ransomware: 4 steps for fighting it.
Jeff [11:13 AM]
I'd add my own 4 steps, if I haven't already:
- Patch management and current virus software: whenever vulnerabilities are discovered in software, the developers usually send out patches. Make sure your organization is signed up to get those patches and promptly applies them. It's extremely unlikely you'll be attacked between the time the vulnerability is discovered and the time the patch has been provided; usually, however, businesses don't apply the patches, or don't sign up to get them, and it's a relatively old vulnerability (for which a patch is available) that is ultimately exploited. Same with virus protection software.
- Limit connectivity. Computers that aren't connected to the internet can't get infected by the internet, at least not directly. Don't connect computers unless you have to, and if you do, make sure your connectivity architecture is simple, logical, and traceable. If there's only one gate into the city, there's only one place to focus your protection efforts.
- Have good backups. Ransomware is designed to scramble your eggs. If you can just throw those eggs out and replace them, then you won't need to pay the ransom. Dealing with a ransomware attack is still enough hassle that you want to take all the other steps, but worst-case scenario, good backups thwart any ransomware attack. Delete the infected files, scrub the system, and reinsert the backups.
- Train your staff and be prepared. Most ransomware comes from phishing or other social engineering. Most attacks are pretty clumsy, too, if you have the slightest clue what to look for. Make sure your staff has the slightest clue; better yet, make sure they have some pretty good clues. And make sure your organization is ready for any hack, whether it's ransomware, DDoS, or data theft. Who ya gonna call (when something looks funny in the system)? If your team doesn't know the answer, you aren't ready.