Do you remember where you were on Friday, May 12? Chances are, you were on the edge of your seat, watching the news of a rapidly spreading ransomware variant and hoping none of your clients would be hit.
Within 24 hours of the start of the attack, more than 230,000 computers in 150 countries had been infected. The name given to the ransomware, WannaCry, probably reflected how many company administrators felt.
Ransomware is continuing to evolve and to find new ways to infect victims. So how can we keep our clients safe?
1. Proactive protection. The days of hoping ransomware will go away are long past. Instead, we must apply proactive solutions for customers and really be out in front of the epidemic. When building out a services platform for clients, look to solutions that actively monitor changes to a user’s system. Doing so can save crucial time should a customer get lured into a ransomware scheme.
2. Enable protection measures. Proactive protection is a vital tool in combating ransomware. With that said, you should always double-check that all of the relevant features and protection enhancements are turned on. What good is protection when you haven’t enabled it to secure your system (or you)?
3. Update all systems. As we saw with WannaCry, criminals will look to exploit zero-day vulnerabilities and outdated operating systems. Nearly 98% of the victims of that attack were running some version of Windows 7. The exploit targeted file-sharing port 445. Research from Rapid7 showed that in 2016, 4.6 million connected devices left this port wide open, and the vulnerability prompted Microsoft to issue an emergency patch for three operating systems that were no longer receiving mainstream support. You would think that people ran the update, right? Well, not really. The same report that showed the 2016 stats noted 5.5 million connected devices with insecure ports during the WannaCry outbreak. Be mindful of patches as they come up, and encourage clients to update each Patch Tuesday.
4. Back up, back up, back up. At the risk of sounding like a broken record, we have to say it again: Backing up data can save you from accidental deletions, system meltdown, or the aftermath of a ransomware attack. Backups can be automated, and they represent a lifeline for recovery in the worst-case scenario.
5. Don’t pay. If your clients get caught in a ransomware attack, encourage them not to pay the attackers. For starters, paying ransom does not guarantee a safe return of the files; as the old proverb says, “There is no honor among thieves.” Paying the ransom also helps fund their criminal enterprise.
It may feel daunting when you are faced with an attack, but you need to stay strong. If existing security cannot roll back malicious changes, then backups can help restore the files to a certain point. You can also look at projects such as No More Ransom, where competitors and law enforcement are working together to provide free decryption tools and help victims get their files back without paying the crooks.
Guest blogs such as this one are published monthly and are part of MSPmentor's annual platinum sponsorship.