Ransomware infections impact individual users and businesses, regardless of size or industry, by causing service disruptions, financial loss and, in some cases, permanent loss of valuable data. In 2016, the number of ransomware attacks increased 300 percent from 2015, with over 4,000 attacks detected per day, according to US government statistics. WannaCryptor (WannaCry), the most recent ransomware strain, has hit businesses in more than 70 countries around the world, with more than 250,000 infected machines so far.
By late Monday, cybersecurity officials said the globe-spanning WannaCry cyberattack had largely been contained, though governments and companies are likely to continue disclosing instances of infection for days or weeks as they get a better handle on the scope of the attack, the WSJ reports.
The FT reports that "at least a dozen other NSA tools are currently being discussed and worked on as the basis of potential new cyber weapons on hacking forums on the dark web."
Here are the top tips to stop your business from being hit by WannaCry ransomware:
- Keep your computer up-to-date. Deploy the MS17-010 hotfix and update your local anti-malware solution immediately.
- Back up your data
- Manually disable the SMB protocol if you’re not using it
- Run endpoint protection on your desktop, laptop and smartphone
- Keep yourself and your colleagues informed about current computer security threats
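The first and third tips above are the ones an administrator can verify on a host. The following PowerShell audit script is an added example, not part of the original article; the MS17-010 KB identifiers differ per Windows version and are left as a placeholder to fill in from the bulletin, and the SMBv1 cmdlets assume Windows 8 / Server 2012 or later.

```powershell
# Added example: audit a Windows host for MS17-010 and SMBv1 status.
# Run in an elevated PowerShell session.

# MS17-010 ships as a different KB per Windows version; fill in the KB id(s)
# for your OS from the bulletin. The value below is a placeholder.
$Ms17010Kbs = @('KB<fill-in-from-MS17-010-bulletin>')

function Test-Ms17010Installed {
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $Ms17010Kbs) {
        if ($installed -contains $kb) { return $true }
    }
    # A later cumulative update may supersede the original KB, so treat
    # "not found" as "confirm manually", not as proof of exposure.
    return $false
}

function Get-Smb1Status {
    # Server side: does the host still accept the SMBv1 dialect?
    $srv  = Get-SmbServerConfiguration
    # Optional feature: is the SMB1 component installed at all?
    $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Smb1ServerEnabled = $srv.EnableSMB1Protocol
        Smb1FeatureState  = if ($feat) { $feat.State } else { 'Unknown' }
    }
}

function Disable-Smb1 {
    # Only run this after confirming nothing (legacy NAS, printers, old
    # clients) still depends on SMBv1. New sessions are affected immediately;
    # removing the feature needs a reboot to complete.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}

$patched = Test-Ms17010Installed
$smb     = Get-Smb1Status
Write-Host "MS17-010 KB present : $patched"
Write-Host "SMBv1 server enabled: $($smb.Smb1ServerEnabled)"
Write-Host "SMB1 feature state  : $($smb.Smb1FeatureState)"

if ($smb.Smb1ServerEnabled) {
    Write-Warning "SMBv1 is enabled; run Disable-Smb1 once you have confirmed nothing needs it."
}
```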
While ransomware infection statistics are often highlighted in the media and by computer security companies, the FBI says it struggles to ascertain the true number of ransomware victims because many infections go unreported.
The FBI also recommends users consider the following prevention and continuity measures to lessen the risk of a successful ransomware attack:
- Regularly back up data and verify the integrity of those backups. Backups are critical in ransomware incidents; if you are infected, backups may be the best way to recover your critical data.
- Secure your backups. Ensure backups are not connected to the computers and networks they are backing up. Examples might include securing backups in the cloud or physically storing them offline. It should be noted that some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real time, also known as persistent synchronization.
- Scrutinize links contained in e-mails and do not open attachments included in unsolicited e-mails.
- Only download software – especially free software – from sites you know and trust. When possible, verify the integrity of the software through a digital signature prior to execution.
- Ensure application patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java, Web browsers, etc.
- Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.
- Disable macro scripts from files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office Suite applications.
- Implement software restrictions or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder.
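The first two FBI items above ask you to verify backup integrity and to keep the backups where the backed-up hosts cannot reach them. The script below is an added example (not FBI or article code) that records a SHA-256 manifest of a backup set when it is taken and later reports files that are missing, changed or newly appeared; the drive letters and paths are assumptions for your own layout.

```powershell
# Added example: hash-manifest verification for a backup set, so a backup
# that was silently encrypted or tampered with is noticed before it is needed.

function New-BackupManifest {
    param([string]$BackupRoot, [string]$ManifestPath)
    Get-ChildItem -Path $BackupRoot -Recurse -File |
        ForEach-Object {
            [pscustomobject]@{
                RelativePath = $_.FullName.Substring($BackupRoot.Length).TrimStart('\')
                Sha256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Length       = $_.Length
            }
        } | Export-Csv -Path $ManifestPath -NoTypeInformation
}

function Test-BackupManifest {
    param([string]$BackupRoot, [string]$ManifestPath)
    $expected = Import-Csv -Path $ManifestPath
    $problems = @()
    foreach ($entry in $expected) {
        $full = Join-Path $BackupRoot $entry.RelativePath
        if (-not (Test-Path -LiteralPath $full)) {
            $problems += "MISSING  $($entry.RelativePath)"
            continue
        }
        $hash = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
        if ($hash -ne $entry.Sha256) { $problems += "CHANGED  $($entry.RelativePath)" }
    }
    # Files that appeared after the manifest was written (a ransom note, for
    # example) are also worth flagging.
    $known = $expected.RelativePath
    Get-ChildItem -Path $BackupRoot -Recurse -File | ForEach-Object {
        $rel = $_.FullName.Substring($BackupRoot.Length).TrimStart('\')
        if ($known -notcontains $rel) { $problems += "NEW      $rel" }
    }
    return $problems
}

# Usage (assumed paths): write the manifest when the backup is taken, store it
# with the offline copy or somewhere the backed-up hosts cannot write, and
# verify on a schedule.
New-BackupManifest  -BackupRoot 'D:\Backups\2017-05' -ManifestPath 'E:\manifests\2017-05.csv'
$issues = Test-BackupManifest -BackupRoot 'D:\Backups\2017-05' -ManifestPath 'E:\manifests\2017-05.csv'
if (@($issues).Count -eq 0) { Write-Host 'Backup matches manifest.' } else { $issues | Write-Warning }
```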
Additional considerations for businesses include the following:
- Patch all endpoint device operating systems, software, and firmware as vulnerabilities are discovered. This precaution can be made easier through a centralized patch management system.
- Focus on awareness and training. Because end users are often targeted, employees should be made aware of the threat of ransomware, how it is delivered, and trained on information security principles and techniques.
- Manage the use of privileged accounts by implementing the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary; they should operate with standard user accounts at all other times.
- Configure access controls with least privilege in mind. If a user only needs to read specific files, he or she should not have write access to those files, directories, or shares.
- Use virtualized environments to execute operating system environments or specific programs.
- Categorize data based on organizational value, and implement physical/logical separation of networks and data for different organizational units. For example, sensitive research or business data should not reside on the same server and/or network segment as an organization’s e-mail environment.
- Require user interaction for end user applications communicating with Web sites uncategorized by the network proxy or firewall. Examples include requiring users to type in information or enter a password when the system communicates with an uncategorized Web site.
- Implement application whitelisting. Only allow systems to execute programs known and permitted by security policy.
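The FBI's advice to block execution from temporary and AppData folders, and the final item on application whitelisting, are two sides of the same control. The AppLocker policy below is an added example, not from the article or the FBI; it denies executables under per-user AppData (which also covers browser temp folders), allows only the Program Files and Windows directories, and is applied in audit mode so you can review what it would have blocked before enforcing. It assumes a Windows 8 / Server 2012 or later SKU with the AppLocker cmdlets, and the sample file paths are assumptions.

```powershell
# Added example: AppLocker executable rules in audit mode (deny common
# ransomware drop locations, allow known program directories).
$policyXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="a1b2c3d4-0000-4000-8000-000000000001" Name="Deny AppData"
        Description="Common ransomware drop location (Local and Roaming AppData)"
        UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*\AppData\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="a1b2c3d4-0000-4000-8000-000000000002" Name="Allow Program Files"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="a1b2c3d4-0000-4000-8000-000000000003" Name="Allow Windows"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
'@

$policyPath = Join-Path $env:TEMP 'ransomware-audit-policy.xml'   # assumed scratch location
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Dry-run the policy before applying it. Deny rules win over Allow rules, and
# a file no rule covers is implicitly denied. Test-AppLockerPolicy evaluates
# real files, so point it at files that exist on the host (assumed paths here).
$samples = @(
    "$env:LOCALAPPDATA\Temp\update.exe",   # expected: Denied
    "$env:APPDATA\tool\tool.exe",          # expected: Denied
    "$env:ProgramFiles\Vendor\app.exe"     # expected: Allowed
)
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $samples -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Apply in audit mode. Decisions are logged under Applications and Services
# Logs > Microsoft > Windows > AppLocker; the Application Identity service
# (AppIDSvc) must be running for rules to be evaluated. Per-user installers
# that live in AppData will show up here, so review the events and add Allow
# rules for them before changing EnforcementMode to "Enabled".
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
```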