Protecting Your Company Against Ransomware

August 22, 2024


Ransomware is becoming more common because its creators keep improving their methods, and the improvements are paying off. What were once simple text-based phishing emails are now very realistic-looking “corporate” fakes. The newer generation of malicious coders builds content that includes corporate logos and some real information from the company’s website to make it more believable. At the same time, they are becoming more skilled at bypassing the security measures already in place. Not every attack can be stopped, but the vast majority can be thwarted by following a few recommendations.

Make sure all your corporate computers are running the most current antivirus software

Start with antivirus software on every computer and server on your network. Different antivirus packages each have their strengths and weaknesses, but most known threats are recognized by most antivirus software. Don’t let your company get infected by a well-known threat because of unprotected computers on your network.


Please don’t make your users administrators on their computers


Users with local admin rights make their computers more vulnerable to ransomware. If a user lacks the rights to install software, that alone may be enough to stop malware from installing. Some malware may still find a way around this, but for the most part it is a good habit to have computers secured against users installing any software, malicious or not.

NextGen Firewalls – Stop malware before it gets on your network

Block most known ransomware at the firewall. NextGen firewalls can identify malicious code as it attempts to travel through the firewall. Many attacks can be stopped right at the firewall and will never reach the LAN or the end user.

Spam filtering

Many email services today offer some built-in spam/malware filtering.  Additional pre-filtering does catch more spam and malware than the ‘built-in’ style filtering included in your email service/server.  Several options such as SpamTitan exist for pre-filtering spam and malicious email content before it even reaches your email server or service.


Do your users know how to identify malicious emails? Do they know what to do when they receive them?


To say that user training is the most important part of your security arsenal is an understatement. Although technology companies offer great solutions to protect your systems, new and previously unknown attacks can bypass these systems. User behavior is still THE best way to stop a new attack. Have your users trained by professionals who can teach them some of the methods we use to identify malware.

Employee response testing – Test your users regularly to make sure they can identify threats and phishing schemes and know what to do when they receive a suspicious-looking email. ITecs offers test campaigns that send users test spam messages to see how they react. Reports are generated so that management can identify users who click on the links instead of reporting the spam and arrange further training for them.

Make sure you have good backups

Even with all the best tools in your security arsenal, infections happen every day. Having good offsite/offline backups is the best solution to protect against damage from ransomware. Having good backups means you not only get your data back on your own schedule, you also get it back for free. Just wipe the infected systems and restore from backups. Ransomware attacks work by encrypting the files. This means that even once the ransom is paid, the files still have to be decrypted, and it can take hours or even days to get all your files back. The worst part is not knowing how long this will take. Restoration from backups is usually faster, and if you’ve been testing restores, then you already know how long it will take to recover your files.
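A restore test can be scripted so that each drill records both how long the restore took and whether every file came back intact. The sketch below is an added example, not part of the original article; `restore_drill`, its `restore` hook and the sample files are hypothetical, and the hook stands in for whatever restore command your backup product provides.

```python
import hashlib
import tempfile
import time
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):  # 1 MiB chunks
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file under root (relative POSIX path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(Path(root).rglob("*")) if p.is_file()}


def restore_drill(manifest, restore, dest):
    """Time restore(dest), then compare the result to a manifest taken at backup time."""
    start = time.monotonic()
    restore(dest)  # hypothetical hook: run your backup tool's restore here
    elapsed = time.monotonic() - start
    restored = build_manifest(dest)
    missing = sorted(set(manifest) - set(restored))
    changed = sorted(k for k in manifest if k in restored and manifest[k] != restored[k])
    unexpected = sorted(set(restored) - set(manifest))
    return {"ok": not (missing or changed or unexpected), "missing": missing,
            "changed": changed, "unexpected": unexpected, "restore_seconds": elapsed}


def write_tree(root, files):
    for rel, data in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo():
    """Constructed drill: the simulated restore loses one file and corrupts another."""
    good = {"finance/ledger.csv": b"id,amount\n1,100\n",
            "finance/payroll.csv": b"id,pay\n1,50\n", "readme.txt": b"hello\n"}
    bad = {"finance/ledger.csv": good["finance/ledger.csv"],
           "finance/payroll.csv": b"\x00" * 12}  # readme.txt never comes back
    with tempfile.TemporaryDirectory() as tmp:
        source, dest = Path(tmp, "source"), Path(tmp, "restored")
        write_tree(source, good)
        return restore_drill(build_manifest(source), lambda d: write_tree(d, bad), dest)
```

Keep the manifest with the offline copy of the backup, and log `restore_seconds` from each drill so the recovery time is a measured number.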


Have an overall plan


With all these precautions in place, your company can survive almost any malware attack. Even if you cannot put all of them in place, each one you add improves the chance that your company will recover without paying a ransom.
