The big words in malware these days are CryptoLocker and CryptoWall, the two stalwarts of an emerging group of malware known as “ransomware.” And that term is a very apt categorization of what this type of malicious software does: it literally holds your data and files hostage, demanding ransom payment in order to unlock and regain access to your personal information.
If that sounds scary and consequential, it should; CryptoWall has infected more than 625,000 PCs and over 5.25 billion files in the past 3 years. One attack group extorted an estimated $325 million in the US alone in 2015.
Simply put, this is a scary infection, one you don’t want any part of. And, like most medical infections, the best course of action is not in finding a cure, but rather in taking preventative steps.
Here are seven steps to take to avoid a CryptoWall or CryptoLocker infection, and save yourself and your clients a lot of money, and a lot of unwanted headaches.
Your first line of defense against CryptoLocker, CryptoWall or any malicious software is to keep active and up-to-date security software on your computer and networks. This software stays on guard for any suspicious activity, oftentimes able to prevent malware infection before any real damage is done. Many of your clients might choose not to pay for antivirus software; that would be a grave mistake. There are several free or low-cost options for both anti-malware and antivirus (AV). Here are a few:
Please keep in mind, however, that buying antivirus solutions off-the-shelf will not protect SMBs as much as working with MSPs who bundle AV into their services. With your expert guidance, you can ensure settings and rules are configured correctly, revisited frequently and adjusted as is needed.
Manage Network Traffic
You should strictly control what traffic is allowed on your or your clients’ networks. Keep in mind that flat networks are particularly vulnerable to a massive malware infection, because once one host is compromised the malware can reach every other host directly. Make sure that your clients’ networks are properly zoned and that users can see and interact only with the resources their level of privilege requires. Which brings us to our next preventative step:
A good rule of thumb is the Rule of Least Privilege. Simply put, users should only have access to what they need to do their work, i.e. give them the least amount of privilege their role requires. It would be crazy to give all members of your clients’ organization unfettered access to the entire network or all devices.
Like your mom used to tell you before going out on a cold day, the importance of layering up cannot be overstated. Firewalls and antivirus combinations alone aren’t enough. Especially for firewalls, consider using application layer firewalls. Make sure that they have the capability to proxy, as well as reverse proxy. Whenever possible, publish all services through reverse proxies, to avoid subject-to-object direct access.
Practice Safe Security Awareness
Most malware infections are the result of careless user behavior - clicking on suspicious links, opening phishing emails from unknown senders, visiting potentially harmful websites, etc. Emphasize the need to be careful and extra-vigilant to your clients and the members of their organizations. Written documentation of safe security awareness measures is a good idea.
Even all the aforementioned preventative measures are not always enough to stave off this malware. This is why we recommend running regular backups of your important files and storing them on a cloud-based backup service. Note that these families also encrypt files on any mapped or otherwise accessible network share, so a backup location the infected machine can write to may be taken hostage along with the originals; keep backup copies versioned or offline. At least you’ll gain the peace of mind of knowing that your backup copies can be safely accessed were the originals to be taken hostage.
A good rule of thumb is the 3-2-1 principle: three copies, two different media, one separate location.
Have a Business Continuity Plan in Place
It’s not enough to just adhere to the 3-2-1 principle; you need to have a full backup and disaster recovery plan in place. Creating a business continuity plan is a classic hope-for-the-best-but-prepare-for-the-worst contingency, one that might prove invaluable in your nightmare scenario of a CryptoLocker infection.
Your comprehensive business continuity plan should include a backup and disaster recovery solution, recovery time objective (to ensure as little downtime as possible), cost-of-downtime calculations and, most importantly, a communication plan to ensure that your clients are assuaged and confident that you will get their business back up and running after such a disaster.
A CryptoWall or CryptoLocker infection can be devastating, but it doesn’t have to be a death knell with the right backup and disaster recovery processes in place. But don’t let it get to that point - be vigilant and be aware and avoid that CryptoLocker infection in the first place.
We've written more CryptoLocker and information security content since this post was first published. Check out:
- Preventative Tech Tips for Cryptolocker
- Keys to Cryptolocker Survival - You've Been Hit, Now What?
- 8 Vulnerabilities You Didn’t Know Existed in Your System Configuration