Recently Hollywood Presbyterian hospital got hit by ransomware that shut down a number of key systems and required them to pay more than $17,000 in ransom to restore full operation to their hospital. While I don't have any inside information about what happened to Hollywood Presbyterian specifically, I wanted to take this opportunity to offer you some tips on how you can avoid the same fate.
Backups Backups Backups...
The whole ransomware business model rests on the premise that the only way to get your data back is to pay them. Good news...if you have good, current, complete backups then you have another way to get your data back. Wipe your systems clean and restore from your backups. Then tell the bad guys to go pound sand.
I don't know if Hollywood Presbyterian didn't have good backups or if there was something else preventing them from using those backups. We've had a couple of clients get hit with ransomware and in each case they simply restored from current backups and were back in business in a couple of hours with relatively minimal cost.
Action Item: Check your backups. If you're not sure what your backups are, ask your IT guy.
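"Check your backups" means more than confirming the job ran: a backup taken after ransomware has already run can quietly contain the encrypted files in place of the good ones, and if it rotates out the last clean copy you are back to paying. The following script is an added example, not part of the original post: it records a hash manifest of a clean file tree at backup time and later compares a restored tree against it, reporting files that are missing, altered, or that look encrypted (a marker extension or near-maximum byte entropy). The file names, contents and marker extensions are constructed for the simulation.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Constructed list of extensions used here to mark encrypted files in the
# simulation; real ransomware families use many different ones.
SUSPICIOUS_EXTENSIONS = {".locked", ".encrypted", ".crypt"}


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data):
    """Bits per byte: plain text sits around 4-5, encrypted data close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def walk_files(root):
    """Yield (relative path, contents) for every file under root."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                yield os.path.relpath(full, root).replace(os.sep, "/"), f.read()


def build_manifest(root):
    """Run at backup time: record the hash of every file you expect to restore."""
    return {rel: sha256_bytes(data) for rel, data in walk_files(root)}


def verify_restore(root, manifest, entropy_threshold=7.5):
    """Compare a restored tree against the manifest.

    Returns three sorted lists:
      missing    - files in the manifest that the restore does not contain
      modified   - files present but whose hash no longer matches
      suspicious - files that look encrypted (marker extension or high entropy)
    Any non-empty list means this backup must not be trusted as the only copy.
    """
    report = {"missing": [], "modified": [], "suspicious": []}
    present = set()
    for rel, data in walk_files(root):
        present.add(rel)
        ext = os.path.splitext(rel)[1].lower()
        if ext in SUSPICIOUS_EXTENSIONS or shannon_entropy(data) > entropy_threshold:
            report["suspicious"].append(rel)
        if rel in manifest and sha256_bytes(data) != manifest[rel]:
            report["modified"].append(rel)
    report["missing"] = sorted(set(manifest) - present)
    report["modified"].sort()
    report["suspicious"].sort()
    return report


def simulate_poisoned_backup():
    """Constructed scenario: a manifest is taken from clean files, then a later
    backup is taken after ransomware has run on the share. Returns the report."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as restored:
        originals = {
            "notes.txt": b"Meeting notes: review the quarterly numbers.\n",
            "memo.txt": b"Memo: renew the maintenance contract in March.\n",
            "report.txt": b"Quarterly report draft, version 3.\n",
        }
        for name, body in originals.items():
            with open(os.path.join(clean, name), "wb") as f:
                f.write(body)
        manifest = build_manifest(clean)

        # What the later backup captured: one file untouched, one silently
        # altered, one replaced by an encrypted copy with a marker extension.
        with open(os.path.join(restored, "notes.txt"), "wb") as f:
            f.write(originals["notes.txt"])
        with open(os.path.join(restored, "memo.txt"), "wb") as f:
            f.write(b"Memo: contract renewal cancelled.\n")
        with open(os.path.join(restored, "report.txt.locked"), "wb") as f:
            f.write(bytes(range(256)) * 16)  # uniform bytes: entropy exactly 8.0
        return verify_restore(restored, manifest)


if __name__ == "__main__":
    print(simulate_poisoned_backup())
```

Keep the manifest somewhere the backup job cannot overwrite (offline or on a separate system), because a backup destination that ransomware can reach is the other common reason "we had backups" turns into a ransom payment. The entropy test is a heuristic: legitimately compressed or encrypted files (zip archives, encrypted PDFs) will also score high, so treat the suspicious list as a prompt for a test restore, not as proof.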
Updates Updates Updates
While this isn't as surefire as keeping good backups, if your systems are kept up to date with the latest security patches it's harder for bad guys to exploit them. This also means keeping your browser up-to-date (Stop using Internet Explorer 8!) and making sure you have current anti-malware software.
The guys at Malwarebytes are even testing out an anti-ransomware product.
You can't just buy a product and be safe, however. You still have to install that product correctly, keep it maintained and stay alert for threats that can still get past it.
Security is a process, not a product.
Action Item: Make sure your system has the latest patches installed. That goes for your servers, firewalls and other devices too - pay particular attention to security patches. Also make sure your anti-malware software is running and up-to-date.
Walls Walls Walls
It always leaves me shaking my head when I walk into a firm and find that even the receptionist has full access to every file on the server. If a user gets their machine infected with malware then that malware has access to every file the user does. If you limit your users to only being able to access files and folders they need to access then you can help to contain the spread of malware, including ransomware, if it does strike.
Action Item: Identify what data you have, then identify who needs access to that data. Restrict access from anybody who doesn't need it. This is especially true of sensitive or mission-critical data.
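One way to put numbers on "who can reach what" is to audit share permissions and compute the blast radius of a single infected account. The script below is an added example, not the author's code: it reads a constructed share-access export (the column names are an assumption modelled on a Get-SmbShareAccess listing piped to Export-Csv; substitute your own export) together with a constructed group membership table, flags shares where catch-all principals such as Everyone or Domain Users may modify files, and shows how much the blast radius of the receptionist's account shrinks once those grants are removed. The CONTOSO domain, share names and account names are all made up.

```python
import csv
import io

# Constructed sample export. Column names follow the shape of a
# Get-SmbShareAccess | Export-Csv listing (an assumption about that cmdlet's
# output); substitute your own export.
SHARE_ACCESS_CSV = """Name,AccountName,AccessControlType,AccessRight
Finance,Everyone,Allow,Full
Finance,CONTOSO\\Finance-Staff,Allow,Change
HR,CONTOSO\\Domain Users,Allow,Change
HR,CONTOSO\\HR-Staff,Allow,Change
Public,Everyone,Allow,Read
Engineering,CONTOSO\\Eng-Staff,Allow,Change
Engineering,CONTOSO\\Domain Users,Allow,Read
"""

# Constructed group membership; in practice this comes from the directory.
GROUP_MEMBERS = {
    "CONTOSO\\Finance-Staff": {"CONTOSO\\alice"},
    "CONTOSO\\HR-Staff": {"CONTOSO\\bob"},
    "CONTOSO\\Eng-Staff": {"CONTOSO\\carol"},
    "CONTOSO\\Domain Users": {"CONTOSO\\alice", "CONTOSO\\bob",
                              "CONTOSO\\carol", "CONTOSO\\reception"},
}

# Principals that every domain account matches, so a grant to them is a grant
# to the whole company and to whatever malware runs under any user's account.
BROAD_PRINCIPALS = {"Everyone", "CONTOSO\\Domain Users",
                    "NT AUTHORITY\\Authenticated Users"}
WRITE_RIGHTS = {"Full", "Change"}   # rights that allow overwriting (encrypting) files


def load_aces(text):
    return list(csv.DictReader(io.StringIO(text)))


def principals_for(account):
    """The account itself, its groups, and the catch-all principals it always matches."""
    groups = {g for g, members in GROUP_MEMBERS.items() if account in members}
    return groups | {account, "Everyone", "NT AUTHORITY\\Authenticated Users"}


def overbroad_write_access(aces):
    """Shares where a catch-all principal may modify files: the first thing to fix."""
    return sorted({a["Name"] for a in aces
                   if a["AccessControlType"] == "Allow"
                   and a["AccountName"] in BROAD_PRINCIPALS
                   and a["AccessRight"] in WRITE_RIGHTS})


def blast_radius(aces, account):
    """Shares that ransomware running as `account` could encrypt.

    A Deny entry for any of the account's principals removes the share from
    the result, mirroring how a Deny ACE overrides an Allow."""
    mine = principals_for(account)
    relevant = [a for a in aces if a["AccountName"] in mine]
    writable = {a["Name"] for a in relevant
                if a["AccessControlType"] == "Allow" and a["AccessRight"] in WRITE_RIGHTS}
    denied = {a["Name"] for a in relevant if a["AccessControlType"] == "Deny"}
    return sorted(writable - denied)


def tighten(aces):
    """Remove write rights granted to catch-all principals, leaving reads alone.
    Returns a new ACE list; the specific group grants still provide access."""
    return [a for a in aces
            if not (a["AccountName"] in BROAD_PRINCIPALS and a["AccessRight"] in WRITE_RIGHTS)]


if __name__ == "__main__":
    aces = load_aces(SHARE_ACCESS_CSV)
    print("over-broad write access:", overbroad_write_access(aces))
    for user in ("CONTOSO\\reception", "CONTOSO\\alice"):
        print(user, "before:", blast_radius(aces, user),
              "after:", blast_radius(tighten(aces), user))
```

Share-level permissions are only half the picture: NTFS permissions on the folders underneath, and nested group membership, both change the answer, so run the same comparison against the folder ACLs before concluding a share is contained.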
You think you know what you installed, but are you sure that's all that's on your network? Are you sure your users haven't installed gear on your network without telling you? You might be surprised.
"You know what you intended to use [in your network], we know what is actually in use." -Rob Joyce, NSA
This goes not just for hardware but for software as well. Make sure that you're aware of all of the applications running on your network. You may be surprised at what you find when you look. The more software and devices that are in use, especially if they're not properly installed or maintained, the bigger your attack surface is and the easier it is for the bad guys to get you.
Action Item: Periodically check your network for devices that shouldn't be there. There are a number of tools available to allow you or your IT support to better understand your network and make sure that what's connected is what you think is connected.
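A simple version of that periodic check is to compare what your machines can see on the local segment with the asset list you believe is correct. The script below is an added example rather than anything from the original post: it parses a constructed ARP table in the layout Windows `arp -a` prints, drops broadcast and multicast entries, normalises the hardware addresses and reports anything not in a constructed inventory. The addresses and device names are made up.

```python
import re

# Constructed sample in the layout of Windows `arp -a` output, captured on
# the machine doing the check; any neighbour table of the same shape will do.
ARP_OUTPUT = """
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          00-11-22-33-44-66     dynamic
  192.168.1.57          a4-5e-60-12-34-56     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.251           01-00-5e-00-00-fb     static
"""

# Constructed asset inventory keyed by normalised MAC address.
KNOWN_DEVICES = {
    "00:11:22:33:44:55": "core router",
    "00:11:22:33:44:66": "file server FS01",
}

ARP_LINE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+"                     # IPv4 address
    r"([0-9a-fA-F]{2}(?:[-:][0-9a-fA-F]{2}){5})\s+"     # MAC, dash or colon form
    r"(\w+)")                                            # entry type


def normalise_mac(mac):
    return mac.lower().replace("-", ":")


def is_unicast(mac):
    """Broadcast and multicast addresses set the low bit of the first octet; skip them."""
    return int(mac.split(":")[0], 16) & 1 == 0


def parse_arp(text):
    """Return (ip, mac, type) for every unicast entry in the table."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if not m:
            continue
        ip, mac, kind = m.group(1), normalise_mac(m.group(2)), m.group(3)
        if is_unicast(mac):
            entries.append((ip, mac, kind))
    return entries


def unknown_devices(text, inventory=KNOWN_DEVICES):
    """Entries whose MAC is not in the inventory: candidates for a closer look."""
    return [(ip, mac) for ip, mac, _ in parse_arp(text) if mac not in inventory]


if __name__ == "__main__":
    for ip, mac in unknown_devices(ARP_OUTPUT):
        print(f"not in inventory: {ip} ({mac})")
```

Run it on a schedule and alert on new addresses rather than eyeballing the list. An ARP table only shows devices that have talked on the same segment recently, and hardware addresses can be changed, so treat a clean result as "nothing obvious" and a hit as a reason to go find the device, not as a final verdict either way.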
Most malware gets into your systems via your users. They open attachments they shouldn't open, click on links they shouldn't click on, visit websites they shouldn't visit, install software they shouldn't install or...occasionally...fall prey to social engineering scams like the fake tech support scams that allow bad guys to access their systems.
The biggest security threat in your organization is your users.
Action Item: Talk with your users about safe computing practices. Remind them to never open an attachment they weren't expecting or click a link in an email unless they are absolutely certain they know where the link goes and who sent it to them. Remind them that they are a key cog in your company's defenses and to consult with your IT support immediately if they suspect something untoward might be happening.
Keeping your systems safe requires vigilance. With some common sense steps you can significantly reduce your risks and keep things running securely and smoothly. Security is a process, not a product. It has to be ongoing and diligent to be effective.