As we’ve seen with the University of Calgary, Canadian institutions are being targeted. So how do you prevent a ransomware attack?
The University of Calgary’s recent security breach is something we should all be paying attention to. Ransomware infiltrated their systems and locked down the vast majority of their critical infrastructure. For approximately 25,000 University of Calgary students, everything from Wi-Fi access to email was unavailable for almost two weeks. Also blocked off behind the ransom paywall was the university’s valuable research. This block for both students and scientists proved to be too much for the institution and they were forced to pay $20,000 for the encryption keys that saved them from their predicament.
Ransomware is the newest issue that IT directors have to worry about in the ever-changing Internet security landscape. Not many organizations or businesses have put together practices to stop it at the door, nor have they educated their employees on how to evade it. As a primary security concern it ranks low, behind DDoS attacks and data breaches. This is certain to change. In the past quarter alone, the quantity of ransomware domains increased by 35 times. In the US, ransomware damage has shot up from $24 million for all of 2015 to $209 million in just the first quarter of this year.
The Institute for Critical Infrastructure Technology stated that 2016 is “the year ransomware will wreak havoc on America’s critical infrastructure community.”
It is not just America that has to worry. As we’ve seen with the University of Calgary, valuable and vulnerable Canadian institutions are being targeted.
Amongst the biggest targets, hospitals and universities are the most tantalizing. Both rely on access to valuable research and information, and the loss of file access can result in days of lost productivity and frustration for everyone involved. Students, patients, professors, doctors – all removed from their ability to function as part of their respective communities. With the wide range of users and the sensitivity of documents, these places have been seen as jackpots for those who would install the ransomware.
There has never been a better time for IT leaders to update their Internet security protocols, especially for those in healthcare or education. This rising and severe public threat has put worldwide attention on IT security and its responses, and has highlighted the weaknesses of some of our most valuable institutions. Taking a look at upgrading protection suites now is the best possible thing to do. Proactively and visibly protect your network from a newly emerging threat, one where an ounce of prevention can stop a tonne of pain.
So how do you prevent a ransomware attack? What are the best practices to ensure your network doesn’t get taken down by hackers and sketchy .tk links? Our security experts have come up with a short list of easy preventative measures.
Backups, Backups, Backups
The IT mantra of “always keep a backup” rings true for this problem, as it does for every problem. Ransomware is moving towards slow encryption at the moment, methodically locking and encrypting key data. This can last for days or weeks before an infection is detected, so backups taken during that window may already contain encrypted files. Make sure to review your backup protocol and revise your strategy to account for this.
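An added example, not part of the original article: a small Python model that checks whether a backup rotation still holds a copy taken before slow encryption began. The rotation scheme (nightly plus Sunday backups), the function names and the dates are assumptions constructed for illustration, and time is counted in whole days.

```python
from datetime import date, timedelta

def retained_backups(today, daily, weekly):
    """Backup dates still on hand on `today` under a hypothetical rotation:
    the last `daily` nightly backups plus the last `weekly` Sunday backups."""
    kept = {today - timedelta(days=i) for i in range(daily)}
    day, sundays = today, 0
    while sundays < weekly:
        if day.weekday() == 6:          # 6 == Sunday
            kept.add(day)
            sundays += 1
        day -= timedelta(days=1)
    return sorted(kept)

def last_clean_backup(backups, detected_on, dwell_days):
    """Newest backup taken strictly before encryption began, or None."""
    encryption_began = detected_on - timedelta(days=dwell_days)
    clean = [b for b in backups if b < encryption_began]
    return max(clean) if clean else None

def max_survivable_dwell(backups, detected_on):
    """Longest dwell (whole days) that still leaves one clean backup; -1 if none."""
    return (detected_on - min(backups)).days - 1

if __name__ == "__main__":
    detected = date(2016, 6, 20)        # constructed detection date
    for label, daily, weekly in [("7 daily", 7, 0), ("7 daily + 4 weekly", 7, 4)]:
        backups = retained_backups(detected, daily, weekly)
        clean = last_clean_backup(backups, detected, dwell_days=10)
        print(label, "| clean restore point:", clean,
              "| survives dwell up to", max_survivable_dwell(backups, detected), "days")
```

With a ten-day dwell, the seven-day rotation has no usable restore point, while adding four weekly copies leaves one from before encryption started.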
Don’t think locally
Make sure that your employees’ valuable information doesn’t stay stored only on local PCs and laptops. Information management and streamlining of important documents to a server that is constantly backed up is critical. Important business data should always be backed up.
Don’t ignore the weakest link
It doesn’t matter how perfect your security is or how great your best practices are. As it is with every security infrastructure, the weakest link is always people. John Doe will still find a way to download virus.exe or click on a few too many suspect links during work hours. Educating your coworkers to avoid these links and the very real dangers of ransomware is essential for avoiding an incident in the first place. Of course, mistakes will still be made, making backups your #1 fallback plan. Still, it’s better if you never have to go through the incident in the first place.
The Administrator is in charge
Make sure you’re following strong practices for administrator rights and control. Keep local administrator rights in the hands of the IT department, and add secondary accounts (admin accounts) that are used for installing PC software. That way you have vetting power over every weird executable that people want installed.
If all this fails, then you have a hard decision to make regarding the necessary course of action. It’s pretty near impossible to deal with potentially thousands of individually encrypted files. That being said – follow these steps and you’ll be in good shape to hold off the most modern cyber-attacks.