BTS Technologies Newsletter for Fall 2016
A Strong Defense Against Ransomware
– Brian L. Wakefield
Ransomware is a type of malicious software which will encrypt files on a computer or otherwise block access to files, until the user pays a "ransom." The entities writing and distributing ransomware are sophisticated enough to understand the value of the files they encrypt, and they vary the ransom demanded based on the perceived importance of the files. The ransom demanded, usually in bitcoins, can range from a few hundred dollars for an individual home user, to millions of dollars for an infection of a large company network. In a lot of cases, the users are forced to pay the ransom because the alternative is to lose critical data needed to keep their organization operating. One antivirus company estimates that a single variant of ransomware, called CryptoWall, has cost users $325 million since its discovery in January of 2015.
Protecting your company from ransomware requires a layered approach that monitors and protects your network at many different points. Being 100% sure you are protected from a ransomware attack would probably mean making your computer and network unusable. However, there are ways to protect the network from an attack while making sure you can recover in case your network becomes infected.
Strong User and Device Policies – In almost all cases the infection from ransomware is caused by a user inadvertently opening an executable file. This can be blocked by restricting the user's ability to open these types of files. Although this works well, end users normally fight this sort of security, as it restricts them from loading new applications they want to add or using some online applications such as web conference clients without the intervention of a network administrator. As in most cases when dealing with network security, you have to balance your end users' needs and expectations with the company's need to keep the network safe. This can be a difficult line to walk at times. In some of the newer options available, such as cloud-based Workstation-as-a-Service (WaaS), the environment is configured with an allowed list of applications the user can install without intervention from an administrator. Any new application needed can be added to the list for any user to install at a later date. This gives users the flexibility they want while protecting against an inadvertent installation of malicious code.
Managed Antivirus – It is important that a good antivirus solution is in place for all users and devices on your company's network which will look for "signatures" of the malicious code and quarantine the code when found. The antivirus solution used needs to be managed to ensure that all users are on the latest version with regular updates to the database of signatures to scan for. This is an effective way to block infections from known variants, but can be ineffective for "zero-day" infections from new variants until the manufacturer of the antivirus has time to include the new variant into the database of signatures.
Network Segmentation – Today many companies have adopted a Bring-Your-Own-Device (BYOD) policy and also allow visitor access to the network for internet use. It is important to segment your network such that only devices which adhere to your corporate security policies are allowed access to critical files and folders on your network. Most ransomware infections will scan the network and seek to encrypt shared files on the network. If someone brings an infected device onsite and connects to your local area network, they can cause some files to become encrypted if they have access to those files. Worse, in most cases the ransom must be paid at the infected device, which may have left the building (for example, in the case of a visitor). The segmentation of your network may include a "public" network which would allow users to connect and gain access to the internet while preventing them from gaining access to any "private" or corporate files. This can also work hand in hand with your wireless network security policies to allow only secured devices on your corporate network. It is extremely important that random users are blocked from gaining access to important files.
Firewall Services – Many modern firewall devices can be used to help prevent attacks by ransomware and other malware. Some of the services provided by these gateway devices, such as Advanced Persistent Threat (APT) Blocker, Intrusion Prevention Services (IPS), SPAM Blocker, Application Control, WebBlocker, Gateway Antivirus, and Reputation Enabled Defense, can provide important protection for your network. In some cases, the firewall can protect your network from new "zero-day" attacks as it will block access to suspicious websites based on reputation or type of traffic. It can also be used in conjunction with your network segmentation to block the proliferation of an attack based on the application and types of network requests.
Backup and Disaster Recovery (BDR) System – When all of your best efforts fail and you find yourself dealing with an infection, it is very important to have a way to restore the files easily and quickly from a time before the infection happened. This is where a BDR system can be a life saver. It is important that your backups take multiple snapshots on a fairly frequent basis. Some companies make backups on a weekly basis, but this can be almost useless, as restoring week-old data means your employees will need to spend a lot of time recreating all the transactions and data entries made over the last week, if that data can be recreated at all. In some cases, losing a full week of data could be disastrous. It is recommended that a BDR system take regular snapshots, such as hourly, allowing you to recover to a time period immediately before the infection occurred. It is also important that the backup data be easily recoverable and quickly restorable at the file level. Some older backup systems, such as tape drives, can be painfully slow and cause your company to be without the data for hours, or days, when trying to recover.
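The effect of snapshot frequency on how much work must be recreated, shown as an added example that is not part of the original newsletter. The dates, the infection time and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta

def snapshot_times(first, last, interval):
    """Return snapshot timestamps from `first` to `last`, one per `interval`."""
    times, t = [], first
    while t <= last:
        times.append(t)
        t += interval
    return times

def pick_restore_point(snapshots, infected_at):
    """Return (restore_point, work_lost): the newest snapshot taken strictly
    before the infection, and the span of work that must be recreated.
    Returns (None, None) when every snapshot is at or after the infection,
    meaning no clean copy exists."""
    clean = [s for s in snapshots if s < infected_at]
    if not clean:
        return None, None
    restore_point = max(clean)
    return restore_point, infected_at - restore_point

# Constructed scenario: backups start Monday 3 Oct 2016 at 00:00 and the
# infection is estimated to have begun Friday 7 Oct 2016 at 14:20.
START = datetime(2016, 10, 3, 0, 0)
INFECTED_AT = datetime(2016, 10, 7, 14, 20)

WEEKLY = snapshot_times(START, INFECTED_AT, timedelta(weeks=1))
HOURLY = snapshot_times(START, INFECTED_AT, timedelta(hours=1))

if __name__ == "__main__":
    for name, schedule in (("weekly", WEEKLY), ("hourly", HOURLY)):
        point, lost = pick_restore_point(schedule, INFECTED_AT)
        print(f"{name}: restore to {point}, recreate {lost} of work")
```

A snapshot taken at or after the estimated infection time is treated as unsafe, so an uncertain estimate should be moved earlier rather than later before choosing the restore point.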
Luckily there is not going to be a test at the end of this post, and you don't have to be a network security engineer. BTS has access to all the systems and services you may need to protect your important data. From our cloud-based Workstation and Server-as-a-Service (WaaS and SaaS) options which include all the needed security, to on-premises based systems to provide the needed security or bolster the security you already have in place, BTS can help make sure you are as protected as possible. If you would like someone to assist you with assessing your network and providing recommendations on improvements, please contact one of our Technical Experts at 205-942-6532.
On Sales and Selling
– Julien Burkhalter
"Sales and selling" seems to be a bit of a misnomer to me. The "salesmen" at BTS offer solutions, but to call what we do selling implies that we would push a contract on a customer, that we would "sell it." As a customer of BTS, you already know that simply isn't true. David Dick, Greg Gassner, and I at BTS run around Birmingham and the wider world looking for problems that we can offer an elegant solution to. When we find a problem, we dig at it until we achieve a sufficient understanding of its scope and all its specific workings, and then we bring the situation back to our brilliant sales engineers, Brian and Roger III (affectionately nicknamed R3), and we leave it there...for a time, anyway, while Brian and Roger carefully consider the information in the valuable context of their extensive technical experience and their legendary creativity in devising clever solutions for our clients.
Once the guys in engineering have a handle on things, they take the matter back to the "salesmen," and we all work together to refine the solution into something that fits the customer's needs like a glove. And then, be it via Greg or David or me, the voices of BTS to the world at large bring it back to the customer and, essentially, leave it on the table for their consideration. Now there's a lot more to it obviously; we explain the solution of our devising to whatever depth the customer would like to hear, and we check back for as long as it won't annoy a person, but not to "close the deal." We don't do that here; instead we just offer the solution and let the customer decide whether it is appropriate to their needs. So, given the reality here, the difficult question we need to be asking ourselves is, What should we be calling "selling"? I like to believe there is a more elegant word for this delicate work than simply, sales.
Microsoft Word Draft Recovery
Have you ever closed an unsaved Microsoft Word document by accident and assumed it was lost forever? You can actually recover it! Just follow the steps below.
- Reopen Microsoft Word.
- Click File.
- Click Info.
- Click Manage Document.
- Click Recover Unsaved Documents.
BTS Employee Achievements
Field Engineer Deavin Perdue has successfully completed the CompTIA A+ 220-901 certification exam. This exam covers PC hardware and peripherals, mobile device hardware, networking, and troubleshooting hardware and network connectivity issues. Passing this exam demonstrates Deavin's competence as a computer service professional in installing, maintaining, customizing, and operating computers. Congratulations, Deavin!
Computer Use and Dementia
Studies have shown that for people aged 70 and above, regular computer use can help to reduce the risk of memory and thinking problems leading to dementia. According to one study conducted by the Mayo Clinic in Arizona, those who use a computer once a week or more are 42% less likely than others to develop these issues.
If you know an older person who would like to learn the basics of computer use, you might want to share a website such as http://www.skillfulsenior.com with him or her. This user-friendly website, designed specifically for senior citizens, provides simple, fun tutorials that get the senior familiar with basic skills such as using a mouse and arrows and touch typing. After mastering these skills, seniors will feel a bit more confident about experimenting with emailing, searching medical websites, and everything else the World Wide Web has to offer.
Make Me Smile!
Cloudberry: A Short Story by Julien Burkhalter
We invite you to enjoy this fantasy story by BTS Technical Advisor Julien Burkhalter!
Four rangers had set out from the camp into the last stretch of wildwood that separated their regiment from the road to Saromat. Each bore the same dark hair that was common in the Dominion and even more common among its troops. And each, too, wore the same short beard that marked the three days since they had left the camp. On the third afternoon the thick brush and canopy above them suddenly gave way to a wide clearing with a leafless gray tree at its center. They stood at the edge of the wildwood for some time discussing the possibilities before their captain, Corrus- an older man with quick blue eyes and a graying beard- decided that they would cross as it could offer the regiment a faster way to Saromat. Walking silently into the clearing they felt a chill wind descend around them, rushing like cold water across the clearing floor. The men looked at each other uneasily and shook as winter wildwind bit through the early autumn air. Suddenly as it had come the wind receded, taking with it its ice and the torrential sound of violent air. In the stillness that followed the men walked towards the tree again and found themselves to be very small in the expanse of emptiness that surrounded them. The tree towered to the sky much farther away than they had thought and they could see it was missing most of its branches, some of which were visible in the grasses around it. As they made their way closer Corrus stopped and knelt...
Let us know what you want to hear about and we will put it in our next newsletter. Send us your comments or suggestions to firstname.lastname@example.org.
Important Contact Information for BTS
Service Desk: 205-290-8301 or email@example.com
Toll Free Number: 800-255-4372