The big words in malware these days are CryptoLocker and CryptoWall, two variants of an emerging group of malware known as “ransomware.” That term is a very apt categorization of what this type of malicious software does: it holds your data and files hostage, demanding a ransom payment to unlock and regain access to your personal information.
CryptoWall has infected over 625,000 devices and more than 5.25 billion files in the past three years. One attack group extorted an estimated $325 million in the US alone in 2015. An online source states that a single successful ransomware campaign can bring the criminals about $20,000,000. In other words, ransomware is here to stay.
As with most medical infections, the best course of action is not finding a cure but taking preventative steps.
Here are a few steps to take to avoid a CryptoWall or CryptoLocker infection and save yourself a lot of money and a lot of unwanted headaches.
Your first line of defense against CryptoLocker, CryptoWall or any malicious software is to keep active and up-to-date security software on your computers and networks. This software stays on guard for suspicious activity and is often able to prevent a malware infection before any real damage is done. Although the most sophisticated ransomware can bypass most well-known antivirus products, AV is just one of the preventative steps. Not having good, managed anti-virus is a grave mistake.
Please keep in mind, however, that buying antivirus solutions off the shelf will not protect businesses as much as working with an MSP that bundles AV into its services and manages it 24/7. MSPs can ensure that settings and rules are configured correctly, revisited frequently and adjusted as needed.
Manage Network Traffic
You should strictly control what traffic is on your or your clients’ networks. Keep in mind that flat networks are particularly vulnerable to a massive malware infection. Networks should be properly zoned so that users see and interact only with what their level of privilege requires. Which brings us to our next preventative step:
A good rule of thumb is to use the Rule of Least Privilege. Simply put, users should have access only to what they need to do their work, i.e. the least privilege required for their role. It would be crazy to give all members of your clients’ organization unfettered access to the entire network or all devices.
Firewall and antivirus combinations alone aren’t enough. Particularly for firewalls, consider using application-layer firewalls. Make sure that they can act as a proxy as well as a reverse proxy. Whenever possible, publish all services through reverse proxies to avoid direct subject-to-object access.
Practice Safe Security Awareness
Most malware infections are a result of careless user behavior: clicking on suspicious links, opening phishing emails or emails from unknown senders, visiting potentially harmful websites, and so on. Documenting safe security awareness measures is a good idea.
Even all the aforementioned preventative measures are not always enough to stave off this malware. That is why we recommend running regular backups of your important files and storing them on a cloud-based backup service. At the very least you’ll gain the peace of mind of knowing that your backup copies can be safely accessed were the originals to be taken hostage.
A good rule of thumb is the 3-2-1 principle: three copies, two different media, one separate location.
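As an added example (not code from the original post), a small audit of a backup inventory against the 3-2-1 rule; it goes one step further and does not count backups the primary host can write to, since those would be encrypted along with the originals. The BackupCopy fields, audit_321 and the sample inventory are assumptions made for this example.

```python
"""Audit a backup inventory against the 3-2-1 rule: 3 copies, 2 kinds of
media, 1 separate location.  Inventory format and sample entries are
constructed for this example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str                          # e.g. "disk", "tape", "cloud"
    location: str                       # site where this copy lives
    writable_from_primary: bool = False  # can the primary host overwrite it?
    is_original: bool = False           # the live working copy counts as copy #1


def audit_321(copies, primary_site):
    """Return a list of failures; an empty list means the rule holds."""
    failures = []
    counted, exposed = [], []
    for c in copies:
        if not c.is_original and c.writable_from_primary:
            exposed.append(c.name)      # ransomware on the primary host could encrypt it
        else:
            counted.append(c)
    if exposed:
        failures.append("backup writable from primary host, not counted: " + ", ".join(exposed))
    if len(counted) < 3:
        failures.append(f"only {len(counted)} usable copies, need 3")
    media = {c.media for c in counted}
    if len(media) < 2:
        failures.append("all usable copies on one medium: " + ", ".join(sorted(media)))
    if not any(c.location != primary_site for c in counted if not c.is_original):
        failures.append(f"no usable backup outside {primary_site}")
    return failures


# Constructed inventory for a small office whose primary site is "HQ".
SAMPLE = [
    BackupCopy("working files", "disk", "HQ", writable_from_primary=True, is_original=True),
    BackupCopy("NAS share", "disk", "HQ", writable_from_primary=True),
    BackupCopy("cloud vault", "cloud", "provider-DC"),
]
# Same office after adding a rotated offsite tape and dropping the writable NAS copy.
FIXED = [SAMPLE[0], SAMPLE[2], BackupCopy("weekly tape", "tape", "offsite safe")]

if __name__ == "__main__":
    print("before:", audit_321(SAMPLE, "HQ"))   # two failures
    print("after: ", audit_321(FIXED, "HQ"))    # []
```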
Have a Business Continuity Plan in Place
It’s not enough to just adhere to the 3-2-1 principle; you need to have a full backup and disaster recovery plan in place. Creating a business continuity plan is a classic “hope for the best but prepare for the worst” contingency, one that might prove invaluable in your nightmare scenario of a CryptoLocker infection.
A comprehensive business continuity plan should at least include:
- a backup and disaster recovery solution,
- a recovery time objective (to ensure as little downtime as possible),
- cost-of-downtime calculations.