

Ransomware attack prevention, and ransomware infiltration, have definitely made the front page of late. Ransomware literally holds people’s data hostage for ransom, and about 200,000 Windows computers in more than 150 countries have been affected by this latest attack. The media has less than a minute per topic to report on, solve, or prevent each of these nightmares. How do you really prevent such an attack on your system? There are some very basic measures you can take as an individual to prevent a catastrophe. We took a deeper dive into how to protect you and your organization from all aspects of this serious issue.
Training and Education
The best defense is educating employees to avoid suspicious emails and links completely. The individuals doing the phishing have become really good at duping end users. The next couple of sections feature some suspicious emails that I have personally received in my various email accounts.
Verify Your Email Address
The first one arrived in my Hotmail account. It says verify your email address. To the malicious A hole who sent this: it is nicely presented, but I have no reason to verify my account. Usually you verify an account on the website you conduct business with; the site then sends an email if it is doing something called 2-factor authentication. The second red flag: look at who is sending it. Here that alone is an immediate red flag, though sometimes the sender is not as obvious. Anyway, I would have been doomed had I clicked that email. The takeaway…
- Don’t click on an email you are not expecting. In a separate email, write back to that individual or organization to ask whether they did indeed send that particular email.
- Look at the headers. Usually the attackers are sloppy and send through a Gmail or Hotmail account. Other times they have compromised a business associate’s email account (see third pic).
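The header checks above can be automated. The following is an added example, not code from the original post: a small Python checker that parses a message and reports the red flags discussed here (Reply-To or Return-Path pointing somewhere other than the From domain, mail relayed through a free webmail account, a display name that borrows the recipient's own provider name, and a link to a bare IP address). The two messages, the domains and the `FREEMAIL` list are constructed for the example and are not real senders.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample messages (not real emails). The first mimics the
# "verify your email address" lure described above; the second is an ordinary
# note from a contact whose headers agree with each other.
PHISH_EML = """\
From: "Hotmail Account Team" <account-team@example-lookalike.net>
Reply-To: collector@mail.example
Return-Path: <bulk-sender@gmail.com>
To: me@hotmail.com
Subject: Verify your email address
Content-Type: text/plain

Your account will be closed unless you verify it here:
http://198.51.100.7/verify
"""

CLEAN_EML = """\
From: "Christina" <christina@example.org>
To: me@example.com
Subject: Lunch on Friday?
Content-Type: text/plain

Are you free Friday?
"""

# Free webmail domains that a provider or business would not send system mail from.
FREEMAIL = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}
RAW_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}")


def domain_of(header_value):
    """Lower-cased domain of an address header ('' if absent or malformed)."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def body_text(msg):
    """Plain-text body of a parsed message (all text/plain parts joined)."""
    if not msg.is_multipart():
        return msg.get_payload()
    parts = [p.get_payload(decode=True).decode("utf-8", "replace")
             for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(parts)


def header_red_flags(raw_message):
    """Return a list of red flags for one message; an empty list means none found."""
    msg = email.message_from_string(raw_message)
    flags = []
    display_name, _ = parseaddr(msg["From"] or "")
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    return_dom = domain_of(msg["Return-Path"])
    to_dom = domain_of(msg["To"])

    # Replies or bounces routed somewhere other than the claimed sender.
    if reply_dom and reply_dom != from_dom:
        flags.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    if return_dom and return_dom != from_dom:
        flags.append(f"Return-Path domain {return_dom} differs from From domain {from_dom}")
    # Sloppy senders relay "account team" mail through a free webmail account.
    if return_dom in FREEMAIL:
        flags.append(f"Return-Path is a free webmail account ({return_dom})")
    # Display name borrows the recipient's own provider name (e.g. "Hotmail ... Team")
    # while the actual sending domain is something else entirely.
    provider = to_dom.split(".")[0] if to_dom else ""
    if provider and provider in display_name.lower() and from_dom != to_dom:
        flags.append(f"Display name '{display_name}' imitates {to_dom} but From is {from_dom}")
    # A link that points at a bare IP address instead of the provider's hostname.
    if RAW_IP_URL.search(body_text(msg)):
        flags.append("Body links to a raw IP address")
    return flags


if __name__ == "__main__":
    for label, raw in (("phish", PHISH_EML), ("clean", CLEAN_EML)):
        print(label, header_red_flags(raw) or ["no red flags"])
```

Feed it a saved `.eml` file's contents and it prints each flag it finds; no flags does not mean a message is safe (a compromised associate's account passes every check here), which is exactly why the "were you expecting it?" rule still comes first.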
Please review this document or attachment
No! Who is Francis? Why would you talk to him? Again, a user’s account could have been compromised, but you should not be working with a computer if you are randomly clicking on emails or browser pop-ups. People who click for clicking’s sake are an off-balance-sheet liability.
Legitimate Email Addresses
My friend Christina got caught by clicking on this document. Clicking the link caused the malware to sift through her contacts and send more malicious mail to them, perpetuating an already bad situation. Why didn’t I click on a document shared by a friend? I wasn’t expecting anything from Christina, so all of a sudden her legitimate email looked suspect.
Beyond Educating Staff
We have all been fooled. The important thing is to plan ahead to soften the blow of an embarrassing incident. Here are the next steps in ransomware attack prevention for a big virus or malware attack, so you won’t have to use our virus removal services:
- Update Your Workstation
- The number one thing is to run Windows Updates on all the workstations. Make sure WSUS is running on your network to release the latest patches to all Microsoft operating systems on your network. While Windows 7 still receives Windows updates, it does not do as good a job with malware prevention as Windows 10. Plus, Windows 7 will reach its end of life at the end of 2019. NOTE: Windows 10 is still susceptible to ransomware, just like Windows 7.
- Password Management
- Never ever, ever, ever, ever put passwords in a Word document or an Excel sheet. Please use a secure password management system to manage your passwords, and change your passwords often. Read here for more information regarding password management.
- Remove unnecessary third party software
- Remove Java, Adobe Flash, and VNC (RealVNC, TightVNC, etc.) if you can. Chrome has Flash built in, so removing the standalone Flash software should not prevent you from using Flash-based sites.
- Perform a Network and Security Risk Assessment
- This will assess your workstations, servers and security infrastructure, among many other things, in one holistic scan of your organization. Perhaps you are a smaller organization with under 10 workstations and think that’s overkill? $2,000 is a small price to pay compared to losing your business because client data was compromised, or spending $10k, $20k or $30k recovering from an attack.
- Update and Decentralize Services on Your Microsoft Server
- Windows updates are again a critical component. Having a rogue Windows Server 2003 machine is a definite no-no for meeting any governmental compliance, or simply for being confident that your data is secured.
- Never place your file server data, DHCP, AD DC, and DNS all on one server. I suggest using a Synology as your file server, among other things.
- Update Your Synology Server or NAS and Back Up to It!!
- Network Antics is a Synology partner because they bring the costs down on otherwise really complicated software they have developed that works in tandem with their hardware. With that said, the + series hardware works with the newer file system called BTRFS. BTRFS allows snapshot technology on your Synology file server that provides the extra level of security you need to fight off a malicious attack. Read more about upgrading your Synology. This process takes anywhere from five to 10 or 15 hours and is money very well spent.
Tell me more about backup…
When all else fails, use your backup. There is no bulletproof backup. I highly recommend a multi-pronged approach to backing up data, especially if you are managing backups yourself and there is no Managed IT Service agreement in place proactively managing the backups for you. Ransomware attack prevention can only go so far to protect you. A solid backup is your last resort if disaster strikes. Read up on backup solutions…
What does my multi-prong backup approach look like?
Veeam – Backup and Replication software is your best option to restore your virtual servers after a disaster. Just make sure those backups don’t get encrypted!
Synology – Use Synology with file versioning in conjunction with Hyper Backup to perform the file server data backup. On the client workstations, use Windows Sync Center to redirect your Documents folder to the server so your data is synced.
I don’t have Synology – Use Windows Backup, Carbonite, Barracuda Backup, and the list goes on and on. Consult your IT professional.
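"Make sure those backups don't get encrypted" is worth checking mechanically rather than hoping. The following is an added example, not code from the original post or any of the backup products named here: a Python routine that records a SHA-256 manifest of a known-good backup set and later compares the current set against it, flagging files that are missing, renamed with a ransomware-style extension, altered, or (for non-archive files) near-random in content, which is what ciphertext looks like. The in-memory "backup set", the `.locked` extension list and the entropy threshold are constructed assumptions for the example; a real run would read the files from the backup share.

```python
import hashlib
import math
from collections import Counter
from pathlib import PurePath

# Constructed sample backup set kept in memory rather than on disk (these are
# not real backup files): a small CSV export and a tiny ZIP-like archive.
ORIGINAL_BACKUP = {
    "clients.csv": b"id,name\n1,Acme\n2,Globex\n" * 20,
    "fileserver.zip": b"PK\x03\x04" + b"\x00" * 60,
}

# Leading bytes ("magic") expected for archive formats in the backup set. Archives
# are compressed and legitimately high-entropy, so they get the magic check
# instead of the entropy check.
EXPECTED_MAGIC = {".zip": b"PK\x03\x04"}
# Extensions that file-encrypting malware commonly appends; any of them is a finding.
RANSOM_EXTENSIONS = {".locked", ".encrypted", ".crypt"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; ciphertext approaches the 8.0 maximum


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(files):
    """Record the SHA-256 of every file in a known-good backup set."""
    return {name: hashlib.sha256(blob).hexdigest() for name, blob in files.items()}


def check_backup(files, manifest):
    """Compare a backup set with its manifest and return (name, issue) findings."""
    findings = [(name, "missing") for name in manifest if name not in files]
    for name, blob in files.items():
        suffix = PurePath(name).suffix.lower()
        if name not in manifest:
            findings.append((name, "not in manifest"))
        elif hashlib.sha256(blob).hexdigest() != manifest[name]:
            findings.append((name, "hash mismatch"))
        if suffix in RANSOM_EXTENSIONS:
            findings.append((name, "ransomware-style extension"))
        if suffix in EXPECTED_MAGIC:
            if not blob.startswith(EXPECTED_MAGIC[suffix]):
                findings.append((name, "magic mismatch"))
        elif shannon_entropy(blob) > ENTROPY_THRESHOLD:
            findings.append((name, "high entropy"))
    return findings


def pseudo_random_bytes(n, seed):
    """Deterministic high-entropy bytes (a SHA-256 chain) standing in for ciphertext."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


def simulate_encryption(files):
    """Mimic what file-encrypting malware leaves behind: contents replaced, names tagged."""
    return {name + ".locked": pseudo_random_bytes(4096, name.encode()) for name in files}


if __name__ == "__main__":
    manifest = build_manifest(ORIGINAL_BACKUP)
    print("known-good set:", check_backup(ORIGINAL_BACKUP, manifest))
    for finding in check_backup(simulate_encryption(ORIGINAL_BACKUP), manifest):
        print("%-22s %s" % finding)
```

Store the manifest somewhere the backup job cannot overwrite (an offline copy or a read-only snapshot, which is what the BTRFS snapshots mentioned above give you), and run the comparison from a scheduled task that alerts on any finding; a silent backup that has quietly been turned into ciphertext is the failure this is meant to catch before you need the restore.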
Virus Protection
Not all virus removal services are created equal. Everyone has a favorite that they later fall out of love with, because it was not as good as they thought or something else became better. For me, it was ESET Antivirus and Webroot Cloud Solutions. We wrote a year ago about how we troubleshot ransomware problems in the past. The problem has just moved to the latest Windows exploit.
But I already have protection!
More than 90% of virus and malware protection products won’t protect against ransomware. Plus, things change daily. There’s no silver bullet.
More Security – Routers and Firewall
Ransomware attack prevention requires sophisticated network hardware security. Your home office router definitely won’t help in an attack. There are some gains with SonicWall’s $200 – $300 hardware, but a bigger gain comes from replacing your firewall with a more sophisticated Next Gen Firewall that is capable of scanning into SSL streams, specifically the SonicWALL TZ400 with Advanced Comprehensive Gateway Security Services (TotalSecure page). The TotalSecure package contains modules that specifically benefit larger businesses that want to decrease their vulnerability to malware such as ransomware. The specific modules include Gateway Anti-Virus and Capture Advanced Threat Protection (ATP). There is a price break in the annual cost of the TotalSecure package if you get it with a 3 year subscription.
| Item | Quantity | Unit Cost | Total |
| --- | --- | --- | --- |
| SonicWALL TZ400 ACGS 1 yr. | 1 | $1,300 | $1,300 |
| Global VPN Client license | 0 | $40 | $400 |
| Implementation Labor | 4 | Call | $0 |
| Total | | | $2,100 |
Managed Switches
A flat network will be the end of your network. Please incorporate VLAN segmentation, and avoid using the default VLAN.
Malware (Ransomware) Removal
Malware Removal Utilities that tend to work for us:
Pro tip! Make sure these utilities have the latest definitions before using them.
- Malwarebytes
- Rkill
- TDSSkiller
- ESET Online Scanner and NOD32 boot ISO
I think I infected my computer
Disconnect your computer from the network. Do not reboot the computer unless you are running the above utilities in Safe Mode; a normal reboot will just infect the computer further. Call your IT Support for virus removal services immediately.
Ransomware Attack Prevention and Virus Removal Services Summary
Again, there’s no silver bullet, but having a holistic game plan will definitely place you on higher ground than the individuals and organizations reeling from the latest attack.