Ransomware: Ten things you can do about it

on May 30, 2017

With all of the recent headlines about ransomware such as WannaCry (aka WanaCrypt) and Cryptolocker, we’ve been asked by many of our customers if they are doing enough to stay safe from these types of attacks. In truth, the creators of malware are constantly finding new exploits (or reusing old exploits) to attack systems and the defenses are constantly trying to address the exploits. The safest computer is one that is not connected to any public networks, however, this is also a less capable device for most use cases. So, what can you do to help manage the risk associated with the constant onslaught of malware? There are hundreds of things you could be doing to help minimize the impact of malware. Here’ my top ten list of things that you or your service provider should be doing:

 

  1. Backup – Backups are one of the most important defenses against malware that infects files. If your data is held ransom, you can simply restore your data from the backup.
  2. That leads me to number two: Test your backups. A backup is only useful if you can restore from it when you need to.
  3. Update your systems regularly. Microsoft releases security updates every month. In the most recent WannCry attack, a security update had been available for several months that prevented the attack in supported operating systems.
  4. Don’t run unsupported operating systems as the vendors no longer provide security updates for them – in the most recent WannCry attack, most the compromised devices were running unsupported operating systems such a s Windows XP.
  5. Turn on the security features in you operating system and hardware. Modern computers have dozens of security enhancements that often get ignored because organizations are unfamiliar with them. For example, consider using UEFI with Secure Boot where possible. This combination helps secure devices against common attacks that attempt to take control of a computer during the pre-boot sequence and insert itself below the operating system where it is difficult to detect and remediate.
  6. Don’t use an administrator account for your regular work. The account you use for your regular work should have just enough privileges to get your job done. If you need additional privileges on occasion (E.g. to install software or manage a server), use a separate account for that purpose.
  7. Use a modern antimalware tool and ensure that malware signature files are updated regularly. Be sure that the toolset your chose also integrates with your email service to remove potential email threats before they get to your inbox.
  8. Don’t open emails from people you don’t know, especially if they have attachments.
  9. Be vigilant for social engineering and phishing attempts. Many attackers are invited in to a system by unsuspecting users. Microsoft does not call you to fix your computer!
  10. Check with your business insurance provider to find out if you are covered for ransomware attacks and what your responsibilities are to ensure that the coverage is in force.


Take the time to educate yourself about malware and IT Security. Evaluate the risks to your business and consider engaging an IT Security Professional if the risk is sufficient.

By Colin Smith

Colin Smith is the Manager of the Microsoft Solutions Practice at Cistel Technology Inc. , a Microsoft Gold Partner headquartered in Ottawa, Canada. Colin is a frequent author and presenter. He is also a dual Microsoft MVP.  He is an MVP for Enterprise Mobility (formerly System Center Configuration Manager) who has been working with the product since SMS version 1.0. He is also a MVP for Windows and Devices for IT.  In 2017 he was awarded the Windows Insider MVP designation as well.  He has over 25 years of experience deploying Microsoft-based solutions for the private and public sector with a focus on mobile, desktop, cloud and data center management.

Colin SmithRansomware: Ten things you can do about it