Over the past year, we’ve seen ransomware grow and evolve at a rate we’ve never seen before. In fact, the FBI reported ransomware to be a $1 billion-dollar source of income for cyber criminals in 2016—and this year it’s showing no signs of slowing down. Any company or organization that depends on daily access to critical data—and can’t afford to lose access to it—should be most worried about ransomware. This includes the clients you serve and aim to protect. As an MSP, what exactly should you know about the threat of ransomware, where it’s headed and what steps can be taken to keep your clients protected?
Recently, Webroot Senior Threat Research Analyst, Tyler Moffitt joined Continuum for a webinar titled, "2016: The Year of Ransomware - Encryption by Any Means Possible." During the presentation, Moffitt reviewed the top IT security headlines of 2016, gave predictions for the future and highlighted some key tips for preventing ransomware. After reviewing the impact that cybercrime had in 2016, it's clear to see that preventing ransomware should be a top priority for you and your clients. Here are five easy-to-follow tips that you can use to prevent clients from being at the mercy of hackers this year.
1. Deploy Reputable, Multi-Layered Endpoint Security
The best way to combat malware is to never let it infect you to begin with. I know this might be easier said than done, but having reliable endpoint security is important in making this possible. The key here is being proactive. A static blacklist is just not good enough. When it comes to phishing, for example, the life cycle is less than two days. In fact, according to a study conducted by Webroot, over 10 percent last less than 15 minutes and over 84 percent last less than 24 hours. Deploying endpoint security that can protect web browsing, control outbound traffic, protect system settings, proactively stop phishing attacks and continuously monitor individual endpoints will allow for a more robust and multi-layered approach to security.
2. Deploy Backup and Business Continuity Recovery
If the first line of defense fails and clients do encounter a crypto-ransomware infection, your best choice is to recover data and minimize downtime. The best way to do this is by using a cloud-based backup and disaster recovery (BDR) solution. Let’s imagine that a client is hit with a cryptic ransomware. Suddenly, all of their files are encrypted and they won’t be able to access what they need to keep operations running normally. You need to be able to run a backup on the system from a date before the infection hit to get them back up and running.
When you leverage Continuity247®, our fully-managed BDR solution, the backed up data will be stored on a local appliance and can be replicated offsite to the cloud, so your clients can enjoy true peace of mind knowing that business continuity will be maintained should they get hit by ransomware.
3. Disable Macros and Autorun
This is a big one. Every single macro from a Microsoft® Office document can be prevented by turning them off completely in the Trust Center. There is almost always a workaround for any task that you would need to enable macros for. By disabling completely, you are eliminating the entire attack vector, which is what Locky used almost exclusively for some time.
4. Create Strong Windows Policies
Consider using Windows Policies to block certain paths and file extensions from running. When varying levels of access are required, you can set up these policies in groups. This will help you reduce the amount of variants that could be posing a threat. Windows creates local copies of files using the VSS copy service. By using Windows Policies, you can block access to the service and help stop ransomware like Cryptolocker from erasing local drive file backups. The best part is, you can do this for free!
5. Educate Users
The user is often the weakest link. As long as employees are unaware and uneducated on the risks of the Internet, malware will continue to thrive. Go above and beyond to educate clients on the dangers of malware and ransomware and how to recognize warning signs. Don’t just use the standard, generic slide show or security quiz that is rolled out once a year. There are services available that will simulate attacks by periodically sending employees fake phishing emails to see who is not following security best practices. If you don't want to go that far, there are in-depth phishing tests available that do a great job of highlighting the subtle differences between phishing attempts and legitimate messages. Whichever you choose, it’s important that you not only provide clients with the technical support they need, but the educational support as well.
For small- and medium-sized businesses, going through a security breach could lead to closing the doors for good. Sometimes the money lost due to downtime is too much to overcome, other times the reputation bruise that comes with an attack leads to the demise. Whatever the case, it is your job as an MSP to keep your clients' best interest in mind and take every possible measure to prevent a ransomware attack.
As mentioned above, the five tips were just one segment of Moffitt's webinar.
By Lily Teplow
By Brian Downey
By Dave LeClair