How to Survive a Ransomware Attack [video]
The Best Defense Against a Ransomware Attack is Prevention
Spencer Anderson, Loffler's Manager of IT Managed Services, explains the steps needed to best prevent a ransomware attack.
Keeping ransomware out is the number one thing you can do. That is done using the same methodology that's been used in IT for a long time - security in layers.
How To Prevent
1. Firewall. You want to have good protection on the network so you want to have a good firewall.
2. Antivirus. You want to have good protection on each endpoint, you want to have antivirus.
3. VPN Connections. You want to have secure connections in and out of your network, so secure VPN connections.
Some of the things we are adding on top of that are:
4. Multi-factor authentication. This means that you need to know your password and something else in order to be able to access your computer, email or the company network.
5. Advanced endpoint protection. We're also doing more advanced endpoint protection, so software that's written specifically to look for things that ransomware does. This could be changing files that don't usually get changed and then preventing that when it starts to occur.
6. Backup solution. Behind all of that, we always want to have a good backup. If you have a good backup solution, you can recover from a ransomware attack if it does happen, in minutes versus days, weeks or never.
It is important to remember that ransomware can live in your network unnoticed for a long time, hundreds of days, before it takes any action. So you want to have these prevention steps in place all the time, always watching your important data.
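The behaviour described in step 5, noticing changes to files that don't usually get changed, can be illustrated with a small baseline check. This is an added example, not Loffler's tooling or any product's code; the thresholds, function names and sample files are assumptions constructed for the illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5  # bits per byte; assumed cut-off, encrypted data sits near 8.0
BURST_LIMIT = 3      # assumed: this many suspicious changes in one scan raises an alert

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: Path) -> dict:
    """Record a SHA-256 digest for every file under root."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def scan(root: Path, baseline: dict) -> dict:
    """Compare the tree with the baseline and flag ransomware-like change."""
    current = snapshot(root)
    missing = sorted(set(baseline) - set(current))  # deleted or renamed files
    changed = sorted(k for k in baseline
                     if k in current and current[k] != baseline[k])
    # An ordinary edit keeps text-like entropy; encrypted content looks random.
    high_entropy = [k for k in changed
                    if entropy((root / k).read_bytes()) > ENTROPY_LIMIT]
    suspicious = len(high_entropy) + len(missing)
    return {"changed": changed, "missing": missing,
            "high_entropy": high_entropy, "alert": suspicious >= BURST_LIMIT}

def demo() -> dict:
    """Constructed data: five archive files, three overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(5):
            (root / f"contract_{i}.txt").write_text("signed agreement\n" * 200)
        baseline = snapshot(root)
        # One normal edit, which should not count as suspicious.
        (root / "contract_0.txt").write_text("signed agreement, amended\n" * 200)
        for i in (1, 2, 3):
            # Random bytes stand in for encrypted content in this constructed test.
            (root / f"contract_{i}.txt").write_bytes(os.urandom(4096))
        return scan(root, baseline)

if __name__ == "__main__":
    print(demo())
```

Compressed formats such as ZIP archives and JPEG images also have high entropy, so a check like this fits folders of documents that rarely change and works as one signal alongside the other layers.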
What To Do
1. Disconnect. If you do get a ransomware attack, the first thing to do is disconnect your computer from the network.
2. Notify. Once disconnected, notify an IT expert who knows what else your computer typically connects with. So if you use a file server, an H Drive or an S Drive, you want to tell somebody who has access to that to see if any of the ransomware spread to that centralized part of your infrastructure.
3. Locate. Then you want to take steps with the rest of your company or your IT service provider to really find out where it is in the network, and there are different ways to do that.
4. Recovery. If you've got a good backup at that point, you can just restore from backup. If the data that was encrypted is not important to the company, you can consider it, you know, old data and just re-image your computer and start fresh.
5. Stay aware. It's important to stay aware of that ransomware attack for the days and weeks following it, because it could have left a footprint behind somewhere else that will then affect somebody else or just try again later.
It is important to really be thorough with the recovery. Loffler has been brought in to help companies with that in the past, and that is something that we've been successful with. So it's definitely something that can be recovered from with good prevention and thorough remediation.