Anti-Ransomware Strategy: Taken Care of Business


Here's a situation for you: you just got into your office, you prepared a nice cup of coffee and you are ready to start your day. It's Monday and you feel full of energy and ready to get down to business. You open a few emails before you open the wrong one. The beginning of a nice week turns into a never-ending nightmare.

So, before you open your next email, answer this question: Do you have a backup? If not, put the mouse down and give us a call. If you do, give us a call, as we can discus multi-layer protection plans and prevention.

What we'll do:

  • • Deliver another layer of security by installing one of many endpoint or professional versions of Anti-Virus that will include Anti-Ransomware protection
  • • Take care of regular backups of your business data, so the damage is minimal in case your system gets infected with ransomware
  • • Frequently update your systems and software to eliminate vulnerabilities of previous versions
  • • Perform baseline checks of the server core to ensure optimal performance
  • • Implement advanced notification system to monitor and alert when the system is not performing optimally or if there is an issue with the backups



Secure Networks ITC strives to create a perfect IT environment for all clients. The most common hurdle that most companies fail to overcome is the security aspect of their IT. Often falling short of any standards due to the cost or belief that just being careful is the best security measure.

It is far from it, really. Yes, you can go years before experiencing any serious malware attack, but once you do, the consequences can be catastrophic.

That is where we step in! We will do everything to create that perfect, carefree work environment, so you wouldn't have to think about any malware attacks or loss of data.

What is Ransomware?

It's 2018, so most of us know what Ransomware is – a sophisticated malware that takes over your computer, denies you access to your data, tells you to kiss it good-bye unless ransom is payed. Depending on the size of the business or institution, the ransom can range from a few hundred bucks to tens of thousands.

The payment is to be executed in Bitcoins and the victims are sent detailed instructions on how to execute it. Initially, FBI advised the victims to pay the ransom, as there wasn't much that they could do in these kinds of situations, but recently the "no-negotiating-with-terrorists" policy has been strongly advised. Since there is no way of knowing whether the data will be securely returned or not, and there is no way to trace bitcoins, the FBI feels that paying up ransoms would only encourage these criminals to continue blackmailing companies and organizations. The ransom payments would only be used to further fund their illegal activities, so soon data hostage situations would be the day-to-day reality for all.

In case you find yourself in a situation that you are willing to pay any price just to get your business data back from the kidnapers, we're sorry to tell you, but it will be on you. Why? Because there ARE strategies to protect your business and its data, and if you don't think prevention and protection are important, well then, shame on you.


How Does Ransomware Work


There are numerous ways for the ransomware to gain access to your computer, and phishing spam is one of the most common ways. Phishing spam are all those email attachments that make you believe opening them would be perfectly safe because they appear to come from a trusted institution, a friend or a colleague (PDFs, Word Documents). In reality, downloading and opening them initiates a hostile takeover of your computer data. Some have built-in social engineering tools that trick users into giving them admin access, while some, more aggressive forms can exploit security holes and gain unauthorized access without having to trick the user into it.

Another popular method for infecting computers is called malvertising and the main trick here is that it requires little to no user interaction. The users would be browsing the web, legitimate sites even, when they are redirected to a criminal server, often without even clicking on the malicious ad. Criminal servers collect information about the user location and computer based on which the most suitable malware is selected (most often ransomware).

There are three main types of ransomware:

Encrypting ransomware – These are the nastiest of all, because they encrypt (block) system files and demand payment in exchange for a decryption key. Once the files get encrypted, no security software can restore the data. The only option to get it back would be to pay the ransom, but there is no guarantee that you'll get the data back even if you pay. It is hard to detect, it usually slows down the computer and shows the ransom message after absolutely everything is encrypted;

Locker ransomware - These block your access to desktop, all files and apps. Upon starting your computer, a window containing a message about the blockage would appear, often with the FBI or US Department of Justice seal. Screen lockers are not as bad as the encrypting ones, as they only block access while the data is not encrypted.

Key Characteristics of Ransomware -  Infographic

Click Image To Zoom

Scareware – These were supposed to be scary but are nothing when compared to the previous two types. These usually include tech support or security software scams, as the user would get a pop-up saying that malicious activity has been detected and that you would need to pay to remove it. If you ignore the message, you'll get bombarded with more pop-ups, but nothing will happen. Just remember: if you are already paying an antivirus software, then why would the company ask you for money for each individual malicious activity that gets detected?

After the infection spreads, the victim is shown a message or an image saying that the files are now inaccessible and that the only way to regain access is to pay the ransom. However, this is not the only scenario and certainly not the one that causes the most panic. Some attackers can falsely claim to be a law enforcement agency that is shutting down user's computer because pirated software or pornography was found on it. Users panic especially in the case of latter and are prepared to pay any fine just to keep things quiet. The second scenario that causes panic involves leakware or doxware malware. The attackers inform the user that sensitive material has been found, so they threaten to publish it unless the ransom is paid.

In these kinds of situations, before you begin to sweat, remember this: there is no need to panic. In case the law enforcement agency found illegal material on your computer, you would probably hear a knock on the door instead of seeing the ransom message on your screen. As for the message about the sensitive data, know that finding and extracting such information is extremely tricky, so they probably don't have anything on you.

Ransomware Attack – Who's the Target?

The short answer: everyone. Although newspapers only report about the major attacks (such as the recent lockdown of the city of Atlanta), every small or midsize business, enterprise or organization is a potential victim. You may hear so much about so many attacks, but the real issues are attacks that you don't get to read about. Attacks happening to businesses like yours.

Some organizations are more vulnerable and are therefore, more likely to get attacked. For example, academic organizations, such as universities and colleges, not only have smaller security teams and budget constraints, but their user base does a lot of file sharing, which enables easier breach.

Other organizations, such as government agencies and medical facilities, are likely targets because their services are time-sensitive and crucial. There is a great sense of urgency when it comes to recovering the data, so these institutions are more likely to pay. HR departments of enterprises are also likely targets, as attackers can get ransomware in through job application emails.

Organizations with sensitive data, such as the law firms, are more likely to execute the payment, because leaking sensitive information can compromise their business. Some attackers block access and then put the data up for an online auction where the highest bidder would get the data.

How to Remove Ransomware

You need to know that not all ransomware families have corresponding decryptors and that running a wrong decryption script can only further encrypt your files. That's why you probably shouldn't try downloading and running anything yourself unless you have a lot more skills and knowledge than an average computer user. On the other hand, in case you are dealing with a screen locker, a full system restore would probably be the best practice, but only if possible, of course.

It is crucial to pay close attention to the ransom message to determinate which ransomware type is the one you're dealing with (sometimes it can only be a scareware imposing as encryptor). Next, system reboot to safe mode to stop the encryption and installing antimalware software is required, as well as scanning the system and restoring it to a previous state.

As we probably lost you at 'reboot system to safe mode', the absolute first thing you or your employees should do is seek advice from an IT specialist before anyone makes attempt to do anything themselves. Meaning – shut down computer forcefully immediately and get an IT on the phone. The user would explain the experience and a field tech would be sent to your office to start restoring your computer to previous state.

Important fact you should know: The encryption infection doesn't spread instantly upon entry. Depending on the computer it can sometimes take hours if a computer is fast, and sometimes it can take days for the malware to encrypt all the files. It is important for the user to immediately report unusual slowdowns and inability to access data, because there is a good chance that there is an active encryption going on.

As we mentioned, encrypted files can't get encrypted without the encryption key, so once they're captured, they're gone. Therefore, prevention should be your top priority.

How to Prevent Ransomware


Ransomware is extremely sophisticated, there's no doubt about it, but keep in mind that most likely targets are organizations with budgets constraints and poor tech infrastructure. As a small to medium-sized business owner, you don't encounter same constraints the large government institutions do.

Since you are on top of the decision-making chain, you would need to create a solid IT infrastructure for your business which involves setting an IT budget and creating a 5-year plan.

Most of the companies rely on very precise budget planning in all parts of their business, including IT. Proper budgeting is only possible if careful planning precedes it. With IT, it is very different. The technology evolves at a staggering pace alongside malware and other malicious software that you would have to take this in consideration when creating a plan. Here is where the 5-year plan takes place. 5 years in IT are considered a lifetime of most equipment, so foreseeing what should be done within this period and prepare for the next is very important.

When talking about overall security, we would need to plan for physical protection like firewalls and replace them as soon as they reach the end of their lifecycle. Any firewall license that needs to be employed should be renewed after the licensing period expires. Proper upgrades are also something you should plan.

Another part of the security would be Anti-Virus and Anti-Spyware software. Both should be always in-check and never left outdated. Testing should be done periodically to ensure that the current setup is something that is suitable for your environment. A lot of Anti-Virus vendors offer different types of protection and many times can offer great protection at first, but then after a while fall short in some or all categories. Same goes with Anti-Spam, as it can be really good for certain period and then start to release more and more spam emails into your system.

Planning changes, upgrades, updates and testing during a 5-year period will certainly help you not worry about abrupt loss of data or service.

There are numerous prevention and protection steps that you should make in order to keep the ransomware damage to a minimum. These steps are a part of good security practices provided by the managed IT service provider, so perhaps you are starting to be aware why every business needs one and why an IT budget is crucial.

How to protect Your Business from Ransomware - Infographic

Click Image To Zoom

A solid anti-ransomware plan includes following practices:


Create secure data backups – Backing up your files regularly and having an offline backup is what is going to save you in case the ransomware attack occurs. In case your business data has been frequently backed up, then there is no hostage and there is no need to pay ransom (learn more about Secure Networks ITC triple-layer backup protection plan);

Invest in great cybersecurity – Just any antivirus simply won't cut it, especially if we're talking about free options. Businesses need professional versions of antivirus software and centralized management (learn more about the best antivirus software for business;

Keep your systems & software up-to-date – Frequent updates of your operating system are important because newest versions have less vulnerabilities. Same goes for endpoint protection suits. Updates can be done manually or automatically through the server;

Use layered security – This includes regular security software patches, system hardening and vulnerability management. As the name implies, it will consist of multiple layers of protection. Physical layer is the first layer – firewall; second layer is the software based layer – Anti-Virus & Anti-Spam; third layer is a policy based security layer – creating different policies and limiting the computer usage to the essential, for example work file access only, we can stop the viruses from spreading or infecting the workstation from the start; fourth layer would the backups – if all other layers fall short in protecting your data, backups will ensure that you will be back in no time.

Use a whitelisting program – These programs will prevent your employees from installing unauthorized programs. Although the employees usually complain about this restriction, whitelistings are probably the best defense against ransomware besides a good backup;

Determine an IT budget – In case you don't have anti-house IT department, make sure you get a managed IT service provider. Not only will the IT guys take care of all the points stated above, but they will also make sure all your business workstations and every-day business activities are running smoothly;

Educate yourself and your employees – It is important to know how a possible threat looks like and to educate your employees. For example, employees, especially those with admin access, should be educated on how to detect malspam, suspicious websites and other scams that they should not open and to report suspicious activities or computer performance (especially computer slowness) to the IT department.

Don't get tricked – Don't install anything that is sent to you in an email or offered by visiting a website. All software should be installed directly from the legitimate vendor's website. The safest thing would to contact the IT department every time you need a new software installed. They won't get tricked and installing all kinds of unnecessary apps (we're not just talking about the malicious ones here) would be avoided.

As you can see, there are quite a few steps that need to be taken into consideration. Having a basic protection is not something that you need, so give us a call and we'll tailor a plan for you and upgrade your security in an instant.