As many of you have seen in the news over the weekend, a very malicious Ransomware variant called Wannacry or Wcry has infected over 200,000 machines worldwide. This Ransomware is unusual because not only does it infect a single computer, but it also has the potential to spread over the network and infect other systems. We’ve been monitoring this situation over the weekend, and are ready to answer any questions that you might have. We’ll answer some of the most common questions in this message. Understandably this is a lot of information, so DS Tech is offering a FREE 30-minute consultation to discuss your business’s susceptibility to Ransomware.
What is Ransomware?
Ransomware is a specific type of malware that has become increasingly prevalent over the last few years. The infected system encrypts all of the commonly used local and accessible network files such as documents, pictures, and even databases. These files are at that point useless and need to be restored from backup. Even if the ransom is paid, the files are commonly still left encrypted.
How am I protected against Wannacry?
DS Tech takes a multi-faceted approach against all Ransomware, includingWannacry:
• The majority of our customers are using Symantec Cloud Antivirus. Symantec has confirmed that their newest definitions detect and prevent this infection.
• Most of our customers also participate in our Windows patch management through LabTech. Wannacry in particular spreads via a Windows vulnerability that was patched in March.
• We also offer patching for third-party utilities such as Firefox, Java, Chrome, Flash, and more. This is not relevant to Wannacry specifically, but some Ransomware does propagate through security vulnerabilities in these pieces of software.
• Another layer of protection we use is Content Filtering, or Website Filtering. Many Ransomware variants “phone home” to a certain website to obtain further instruction. Often times if they cannot make this connection, then they can’t do any damage. Content Filtering services constantlyupdate their list of known malware sites and block these connections.
• Many Ransomware variants are delivered via e-mail. It’s important to have spam filtering in place, but also to train all e-mail users on what to look for when it comes to fraudulent e-mails and fake attachments.
• Most important are backups. Ransomware has been known to infect local backups in some instances, so it’s always recommended to back up your data using an off-site service or media rotation. Also important is to periodically test your backups to ensure that they are functioning properly.
What do I do if I get infected with Ransomware?
Please contact DS Tech right away. We will help assess the situation, provide a recovery path, and assist the authorities where necessary.
DS Tech is proud to offer proactive services that cover everything above. If you’re interested in how we can further help protect your business against Ransomware, please contact us to schedule a FREE 30-minute consultation.