Ransomware has become a household word recently. With the attacks on American healthcare facilities, large school districts and America’s core businesses, we have all unfortunately learned that ransomware is dangerous and lucrative for criminals. These hackers are gaining millions of dollars every month from locking up unsuspecting victims’ files.
Just today, in a group that I am a member of on LinkedIn, there was a post looking for help after files had been encrypted. Once the files are encrypted IT IS TOO LATE. Even the FBI has said that the SHA-256 encryption is too good to crack and that you should pay to get your files back.
Businesses must act BEFORE an infection. This is a definite case of “preparation is key”. I talk to more than 3 businesses each week that have been affected. None of them believed they were a target for hackers. They all say the same thing: “I didn’t think this could happen to me.” Most are small business owners who generally have a false sense of security or have taken the “head in the sand” approach.
There are three key things you can do to protect yourself from Ransomware. I recommend you act today to implement these three key strategies.
- Backups. This is kryptonite to the ransomware epidemic. If a business has up-to-date backups of its data, there is no need to pay to get it unlocked. A simple restore from the latest backup will have your files back in working condition in no time. The drawback is: When was your last backup? Is it an hour, a day or longer? You can only recover to the latest backup, so make sure you are running them on a schedule that makes sense for your business model. You must also ensure that the ransomware is completely removed from enterprise systems and every endpoint. Just like a virus, it spreads polymorphically (changing and evolving) across the network, infecting as many machines as it can. You have to have a removal strategy once infected. This includes segmenting affected computers and running in-depth malware, virus and rootkit scans to ensure the infection won’t come back.
- Antivirus. You must have up-to-date antivirus running on every endpoint in the enterprise. From the point of sale system to back of house, every PC, Mac, server, and storage device must be running up-to-date antivirus. It is a good idea to have an antivirus monitor that tells you when machines are out of date or are not updating appropriately. There are some inexpensive antivirus monitoring tools out there that allow you to inventory your devices and also alert you to antivirus status. The drawback to antivirus protection against ransomware is that hackers are changing their algorithms every day to get around antivirus. Antivirus is signature based: it compares each file with known malware, viruses and ransomware. If you are unlucky enough to get a new variant, such as Locky, that is polymorphic or that is not known to your antivirus client, it still gets through. Due to the millions of infections each month, it is safe to say that not all antivirus is keeping up. With that being said, having up-to-date antivirus across the enterprise is one of the cornerstones of a solid cybersecurity strategy.
- Firewall Protection. Firewalls are much different from antivirus because they inspect all traffic coming into the business. Depending on the firewall brand, such as Axiom, the firewall will have deep packet inspection and some other key features that will scan packets for threats. One thing we have found at Axiom is the specific protocol-level communication that happens when ransomware is activated on your network. Ransomware must obtain a Private Key to complete the encryption process. Without the private key, ransomware simply doesn’t work. We have been able to identify that exact communication and we block it at the firewall. By doing egress monitoring (which is doing deep packet inspection on traffic leaving the business) we can empirically stop ransomware from encrypting your files.
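
The first two strategies both come down to knowing which machines have fallen behind: “When was your last backup?” and which endpoints have out-of-date antivirus. The Python sketch below is an added example, not Axiom’s tooling; the host names, timestamps and thresholds are constructed assumptions. It audits a small inventory and reports every machine whose last backup or antivirus definition update is missing or older than an allowed limit.

```python
from datetime import datetime, timedelta

# Constructed sample inventory (hypothetical hosts and timestamps, not real data).
INVENTORY = [
    {"host": "pos-01", "last_backup": "2024-05-01T02:00", "av_defs": "2024-05-01T06:00"},
    {"host": "backoffice-pc", "last_backup": "2024-04-20T02:00", "av_defs": "2024-05-01T06:00"},
    {"host": "file-server", "last_backup": "2024-05-01T11:00", "av_defs": "2024-04-25T06:00"},
    {"host": "nas-01", "last_backup": None, "av_defs": None},
]

# Assumed limits; set them from how much lost work the business can tolerate.
MAX_BACKUP_AGE = timedelta(hours=24)
MAX_AV_DEFS_AGE = timedelta(days=2)

# Fixed "current time" so the sample run is repeatable.
SAMPLE_NOW = datetime(2024, 5, 1, 12, 0)


def _age(stamp, now):
    """Return how old an ISO timestamp is, or None if it was never recorded."""
    return None if stamp is None else now - datetime.fromisoformat(stamp)


def audit(inventory, now):
    """Return {host: [findings]} for machines with stale or missing backups/AV updates."""
    report = {}
    for machine in inventory:
        findings = []
        for label, key, limit in (
            ("backup", "last_backup", MAX_BACKUP_AGE),
            ("antivirus definitions", "av_defs", MAX_AV_DEFS_AGE),
        ):
            age = _age(machine[key], now)
            limit_h = int(limit.total_seconds() // 3600)
            if age is None:
                findings.append(f"{label}: never recorded")
            elif age > limit:
                age_h = int(age.total_seconds() // 3600)
                findings.append(f"{label}: {age_h}h old (limit {limit_h}h)")
        if findings:
            report[machine["host"]] = findings
    return report


if __name__ == "__main__":
    for host, findings in audit(INVENTORY, SAMPLE_NOW).items():
        print(host)
        for finding in findings:
            print("  -", finding)
```

The backup age reported for a machine is the amount of work that would be lost if it were encrypted right now, which is the number to compare against your backup schedule.
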
All of Axiom’s firewalls do egress monitoring, deep packet inspection, SSL DPI, and many other enterprise features. Our business model allows us to send out a fully configured firewall for your business. It is plug and play to install, much like plugging in a wireless router. We then manage it, monitor it and keep you up to date every single day with the new emerging threat definitions. There is no upfront cost for the device, just a monthly subscription for the monitoring and updating. You can save thousands over the cost of other firewalls, installation, configuration and maintenance from our competitors.
Most small businesses can’t afford a full-time IT staff, much less a cybersecurity expert on staff to keep the business protected. Call us today for a free consultation that is specific to your business. Our cybersecurity experts research the latest emerging threats and we update our firewalls each day to keep our clients on the cutting edge of protection. Our firewalls are unique in that they don’t have to be restarted to be updated. Our firewalls are one of a small group of security appliances that inspect traffic in both directions, going into and leaving the business.
Call us today for your free consultation.
1-800-519-5070 | www.axiomcyber.com