Ransomware – not just for the big guys
The news has been busy of late, reporting about ransomware attacks on the oil and meat industries. Big companies being targeted, production shut down or delayed, even shortages – looks like the bad guys are only going after the big fish. Well, think again.
It isn’t only big targets that are being affected but small business too. Right here in sunny Northwest Florida, we’ve had the unfortunate pleasure of helping local businesses recover from ransomware attacks. It is unfortunate that people must deal with this mess at all. But it’s a pleasure when the tools and protective measures we have in place work and keep the business safe.
In our inaugural edition of Tales From the Trenches, we are going to share the story of a local company that was nearly compromised from a remote user’s device through the popular file synchronization application, DropBox. Due to privacy issues, we are going to keep the company anonymous, but you can think of any small business with remote workers.
I want to state right from the beginning that DropBox was not compromised in any way. No one hacked it, it did what it was supposed to do – sync files from an end user device to a shared folder on the business network. However, the end user’s device was attacked, more than likely encrypted (they never admitted anything), and the local copy of the shared files in the company’s DropBox folder were encrypted and then dutifully synched to the server.
Trending in the right direction
On the business side of things, Trend Micro Worry Free Services Advanced antivirus is installed on all devices. Our initial notification of trouble came from Trend when it detected the ransomware payment demand files start syncing to the server. Trend clamped down on the files as they came in and prevented anything from actually landing on the server. Score one for the good guys!
Once Trend clamped down on the bad files, remediation was straight forward. Our customer stopped all DropBox connections, isolated the end user that was the source of the attack, and used DropBox’s rewind feature to restore the affected files.
After the attack, our client wrote to us, “Thank goodness for Trend’s Dropbox scanner!! If you have clients with web services like Dropbox, I highly encourage them to add that extra layer of security. It appears to have quarantined everything before it made it to our network or affected client’s computers, and all I had to do was a Dropbox rewind to get our files back.” Had this failed, we would have restored the folder from their onsite, or worse case, offsite backup.
This is a common scenario with teleworkers, using a tool such as DropBox, OneDrive, Sugarsync, etc. If the remote device is not protected or the user uses bad judgement in opening a malicious link, malware can end up automatically synching to the server and causing much greater harm than just effecting a single laptop or tablet. As a business, you have to control any device that connects to the server. This is harder when the remote device isn’t yours and you don’t have as much control over it. See our previous blog post about Bringing your own device.
Layers keep you safe
It takes multiple layers to keep your business sage. Probably the best defense against any virus, phishing or ransomware attack is training. Make sure your employees know how to identify suspicious Websites. Teach them to be on the lookout for emails that are out of the ordinary. Would your GM really ask for a wire transfer? Better call him or her and ask.
The next best thing is to invest in a comprehensive multi-point antivirus solution. Choose one that inspects email before it hits your mail server, can identify threats in your Web applications, and also monitors the end user devices. Don’t just rely on a popular free antivirus that only watches your PC. You want protection all the way up the stack to the email server itself.
When a problem occurs, and unfortunately it will at some point, you want to know that if everything is lost you can recover from backups. We embrace the 3-2-1 theory of backup and disaster prevention: three copies of your data on two different media with one copy offsite. For our financial customers I actually push for a 3-2-2 scheme. You really cannot have too much invested in your backup system.
That’s a warp!
Please don’t think that ransomware only happens to big companies. This is one of many cases we have worked experience with. Some didn’t have a happy ending, but thankfully most did. Let us talk with you about your current security posture. We can help identify weak areas and make sure the solution you have is the right size for your business.
Our preferred vendors for services mentioned in this blog:
KnowBe4 – knowbe4.com
Trend Micro – trendmicro.com
Veeam – veeam.com