Ransomware is a malware attack that prevents access to the infected computer system; part of the attack includes a demand from the attacker that the user pay a ransom in order to regain access to their computer. This type of attack has seen a rapid increase this year and small businesses have been a particular target for attackers.
The F.B.I has posted the below guidance to businesses and individuals which include tips for dealing with the Ransomware threat. While the below tips are primarily aimed at organizations and their employees, some are also applicable to individual users.
- Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
- Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
- Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
- Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
- Configure access controls, including file, directory, and network share permissions appropriately. If users only need read specific information, they don’t need write access to those files or directories.
- Disable macro scripts from office files transmitted over email.
- Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
Business Continuity Efforts
- Back up data regularly and verify the integrity of those backups regularly.
- Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.
More information can be found at: https://www.fbi.gov/news/stories/2016/april/incidents-of-ransomware-on-the-rise/incidents-of-ransomware-on-the-rise