Ransomware Just Got More Dangerous - What You Need to Know
Your Data May Be At Risk
A frightening peril hanging over many small-to-medium businesses nowadays is the threat of a ransomware attack on their computer systems. Having online extortionists shut down operations is, of course, a major concern of large businesses and public institutions, but for the smaller entities, it could mean not just inconvenience but bankruptcy.
Wait a Minute... Don't Hackers Only Rob From the Rich?
Although the "NotPetya" virus, the major online attack launched June 27, 2017, adversely affected such high-profile household names as confection manufacturer Cadbury, drug company Merck and small-package carrier FedEx, even Leduc-area companies are reporting ransomware emails in their inboxes. Web protection provider Kaspersky states the number of web users who had a ransomware attack grew by 11.4% over the previous year to 2,581,026. This means it's not just big business that is in jeopardy but everyone.
Oh no! What Should I Do to Protect My Business?
1. Educate Your Staff
To save yourself from these evil extortionists, stay current on how each new threat works and share that knowledge with your entire staff with no exceptions. No matter how careful you are with your own processes, if an employee unknowingly opens the wrong email and clicks on the bait link, you're still just as hooped. Ensure they all know they must never open any emails from unfamiliar senders and, if they do, must never, ever click on any links without hovering the cursor over the link to see what the actual URL is. Here is an example of such an email sent to Mike here at INM. Note the link appears to be a legit CRA link, but hovering over the link reveals it is actually for buyweaponsonline.com. (Visit this URL at your peril!)
PRO TIP: Revenue Canada doesn't send emails to advise of refunds or that you owe them money. If you feel it may be a legitimate email from the CRA, phone them directly at 1-800-267-6999.
2. Double-check ALL emails with links or attachments.
It is good practice to instruct all employees to confirm emails with attachments that they weren't expecting, even if they're from a trusted colleague. Call or ask the sender whether they sent you the file or link before you open it.
3. Threats Evolve, now attacking unmapped drives.
Keep up-to-date on the latest cyber attacks via tech news on your favourite news sites such as Yahoo news, Google news, etc. Hackers often tweak their code to bypass security patches. For example, previous ransomware versions would only look at the drive letters on your computers, but the new NotPetya virus can attack all unmapped drives and shares available on the network. This is why it's imperative to tighten your cyber-security. Here are the essentials:
- Ensure you have a professional-grade anti-virus product installed which specifically mentions protection from NotPetya and any new bugs being reported with equally fancy names.
- Keep on top of browser and anti-virus updates. These contain "patches" which help fix gaps in previous versions' protective layers.
- Unmap drives, close the shares which are not needed and block your SMB ports.
- Review all security authorizations and change them to "read-only" for those who don't require "write" access.
- Administrators should have two login IDs: one for everyday use and another with higher privileges which is only used when necessary.
- Purchase a professional-quality router to provide a decent firewall. That Walmart "special" may not be up to the task.
- Always have your Windows Firewall turned on.
- Again, NEVER open suspicious emails.
- Again, NEVER click on links without double-checking the URL by moving your cursor over the link and reading the display.
- Did you open an evil email and click on a link before suddenly realizing you made a big oopsie? If your computer starts acting strange like it is downloading something or gives you a clue that your computer is in trouble, IMMEDIATELY UNPLUG THE POWER AND NETWORK TO YOUR COMPUTER! It takes a little while for the complete virus to download and if you are quick enough, you may save your data. Make sure the network cable is unplugged before you restart your computer. Talk to an experienced IT person before trying to restart it.
- Remember to update your anti-virus software. That anti-virus software you bought 5 years ago is not protecting you anymore.
4. What to Do If Your System Becomes Infected.
Okay, so despite our best efforts to warn you, something went wrong and now you have the maddening extortion letter on your monitor explaining how much you have to pay the blackmailers for the encryption key to get your data back. What's your next step?
- Do not try to restart your system using your backups but hire professional IT people to do this for you, for your best chance of having a positive outcome.
- You may consider paying the blackmail amount as it can be as low as $300/device, but bear in mind there is no guarantee the encryption file you're paying for will work or that the malware isn't programmed to make a comeback or two. Paying also alerts the extortion enthusiasts that you are a great mark, as you are willing to pay money to them rather than to IT people to be rid of the nasty code.
The Bottom Line
"Cyber Security is a Team Sport in Every Business. Keep Everyone with Online Access in the Security Loop."
- Mike Kuefler