By: Andy Sherman on August 4th, 2016
6 Simple Steps to Reduce Your Ransomware Risk
What is Ransomware?
It seems that hardly a day goes by that we don’t read about a new strain of ransomware or a new victim of a ransomware attack. Ransomware is malware that encrypts the user’s or organization’s files and demands payment for the decryption key. The ransomware business model is often one that provides friendly customer service and really does deliver the key in exchange for the requested amount of Bitcoin. However, there is no guarantee that they will, and they don’t always, so depending on the good will of criminals is not a long-term strategy for protecting your enterprise.
Of course, if you are struck by a ransomware attack, and you don’t have good offline backups of the data, we can’t tell you what to do. Whether or not you pay up is a decision based on the cost to your business of losing the data forever. But I think that we all agree that paying money to criminals is ultimately bad for all of us, and we’d all be better off if we could avoid having to make that choice.
This post will outline some relatively easy steps you can take to prevent some of the most common types of malware attacks. Nothing is foolproof, of course, but you can raise the bar for the attacker. Eventually they will up their game, and then we’ll have to as well.
How to Reduce Ransomware Threats
- Run scheduled backups on all data, and keep offline copies. If you do get infected with ransomware, how you deal with the criminals depends on whether or not you need them to restore your data. Regular backups are your best defense against extortion. Be sure to keep offline copies, or the ransomware will be able to encrypt your backups as well.
- Set Office to require that all macros be signed. When an Office file contains macros, the user is presented with a button to choose whether or not to enable them. With this setting, that button appears ONLY if the macros are signed with a trusted certificate. Since malware writers do not sign their macros, this will stop them. To allow legacy unsigned macros in your organization to run, you can set up a trusted location from which unsigned documents can be executed. Both of these settings are in the Group Policy section of Microsoft Trust Center.
- For Office 2016, use the new security setting to disable macros on mail from the Internet. A new security setting in Office 2016 will disable macros in any file from the Internet. If you set it in group policy, the user cannot override it.
- Patch all workstations and servers. This means patching both the OS and all applications. Malware often needs to exploit unpatched vulnerabilities to elevate its privileges or spread across your network. You can make their job harder by closing the holes as patches become available.
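To confirm that the two macro settings above actually reached a workstation, the following PowerShell audit (an added example, not from the original post) reads the per-user Office 2016 policy values for Word, Excel and PowerPoint and lists any policy-defined trusted locations. It assumes the settings are deployed with the Office 2016 administrative templates, which write `VBAWarnings` (3 = only digitally signed macros) and `blockcontentexecutionfrominternet` (1 = block) under `HKCU:\Software\Policies\Microsoft\Office\16.0\<app>\Security`.

```powershell
# Added example: audit Office 2016 (16.0) macro policy for the current user.
# Assumption: policy values live under the standard Office ADMX registry path.
$apps = 'Word', 'Excel', 'PowerPoint'
$base = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$results = foreach ($app in $apps) {
    $key   = Join-Path $base "$app\Security"
    $vba   = Get-PolicyValue -Path $key -Name 'VBAWarnings'
    $block = Get-PolicyValue -Path $key -Name 'blockcontentexecutionfrominternet'

    # Trusted locations bypass the signing requirement, so list each one
    # for review. Assumption: each subkey stores its folder in a 'Path' value.
    $trusted = @()
    $locKey  = Join-Path $key 'Trusted Locations'
    if (Test-Path $locKey) {
        $trusted = @(Get-ChildItem -Path $locKey |
            ForEach-Object { (Get-ItemProperty -Path $_.PSPath).Path } |
            Where-Object { $_ })
    }

    [pscustomobject]@{
        App                 = $app
        SignedMacrosOnly    = ($vba -eq 3)    # 3 = disable all except signed
        BlockInternetMacros = ($block -eq 1)  # 1 = block macros from Internet
        TrustedLocations    = $trusted -join '; '
    }
}

$results | Format-Table -AutoSize

# A missing value means the policy is not enforced and the user can change it.
$failed = @($results | Where-Object {
    -not ($_.SignedMacrosOnly -and $_.BlockInternetMacros)
})
if ($failed.Count -gt 0) {
    Write-Warning ("Macro policy not enforced for: " + ($failed.App -join ', '))
    exit 1
}
```

Run it in the user's own session, since these are per-user policies, and review every trusted location it reports: any folder users can write to lets unsigned macros run.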
These steps are not a panacea, but following them will reduce your risk of getting infected by ransomware, and make it possible for you to recover your data without paying the ransom.
About Andy Sherman
Andy Sherman, Eden Technologies’ security practice lead, has a PhD in physics from Rensselaer Polytechnic Institute and started his career in the academic world. He then went to AT&T Bell Laboratories where he discovered the power – and hazards – of large distributed computer networks. It was also at Bell Labs, during the early days of the Internet, that Andy became interested in the security problems associated with public networks. From Bell Labs Andy moved to the financial services industry. There he worked on a large range of infrastructure design, deployment, and management projects, but is best known for his 15+ years in information and technology security.