The WannaCry global ransomware outbreak is still a potential threat to Australian businesses – as are other active ransomware threats.
Thankfully, there are simple, common-sense steps you can take to help avoid ransomware:
- Don’t open email attachments from senders you don’t recognise, even if they look very convincing
- If you receive a document from an unknown source, don’t open it and definitely don’t enable editing in Word as this will allow macros to run, which can be also used to download the ransomware
- Avoid clicking links on dubious-looking websites
- Make sure that all your software, including installed plugins, is up to date, because as we have seen with WannaCry, hackers use these vulnerabilities to attack your PC
- Install security software that can prevent an infection from encrypting files on your PC.
- Make sure you regularly back up.
The first two issues can be mitigated to some extent by using an email security service such as MailGuard.
However, the first three measures also rely on the user’s behaviour, so if you’re the owner or IT/security manager of a business, regularly educating staff on these three points should be a key part of your defence plan.
WannaCry was rapidly propagated on networks via a Windows server message block vulnerability. That vulnerability was patched by Microsoft in March, yet clearly many organisations had yet to update their systems two months later.
It’s yet another example of why timely patching applications and operating systems are important. Especially organisations need to have a strategy of patching their systems in a timely manner.
Individual users and small businesses can be protected by turning on automatic updates in Windows and their applications – or accepting updates when prompted to do so – and only using software that’s supported by the vendor.
Most importantly, it’s vital that you back up all your documents and other important files to the cloud and/or another drive that is not connected to your PC or the network permanently.
That means syncing to a cloud service like Dropbox, OneDrive or Google Drive – on its own is not good enough. It is vital to back up to a location that is otherwise not connected to the network or a computer, because ransomware and other malware can “encrypt, corrupt or delete backups that are easily accessible”.
The best advice is to follow the 3-2-1 rule – have at least three copies of your files stored in two different formats, with one copy stored off-site (so, not on your PC or hard drive).
Install Anti-Ransomware Software
There are several tools from major software security companies that can protect your device from common types of ransomware.
Here are just a few:
- Bitdefender Anti-Ransomware (or one of its full security suites)
- Cybereason RansomFree
- Microsoft’s Enhanced Mitigation Experience Toolkit (EMET)
- Trend Micro Ransomware Screen Unlocker Tool (or Trend Micro Security)
- Zemana Anti-Malware
Note that this list is by no means comprehensive, and we have not tested the above software. Bear in mind that some need to be run manually (they don’t safeguard your system in real time) and most only protect against certain types of ransomware.
We strongly advise looking on anti-ransomware tools as only part of a multi-layered approach to ransomware defence.
I would also highly recommend reading this article Why Businesses Should Care About Ransomware by Mohseen Lala at Cloudwards