Ransomware is here – are you ready for it?
As an Educational Institution user, you may already be aware of Ransomware and the countless headlines about the attacks that cost organisations billions of pounds every year and that its prevalence is expected to increase in the final quarter of 2016. If you aren’t then Ransomware is a type of malware that holds organisations for ransom by encrypting business critical files and subsequently demanding a ransom in order to allow you to decrypt the files and regain access to them (Note: even if you are provided with the decryption keys, decrypting all files is not guaranteed and can be an incredibly time consuming process). Criminals will then typically use persuasive follow up techniques to get victims to pay the ransom, such as:
- Making encrypted data unrecoverable after a certain period of time
- Threatening to post captured (potentially sensitive) data publicly
- Using fear by claiming to be law enforcement and threatening prosecution
- Increasing the ransom payment amount as time goes on
- Threatening to erase all data and rendering all enterprise IT inoperable
Educational establishments are now a major target due to the confidential research, and student data they hold, data that criminals know an educational establishment cannot afford to do without. So what can be done to minimize the risk of being hit by a crippling Ransomware attack?
- Build User Awareness. The weakest link in any organization’s security strategy is its staff or end users. Often, successful ransomware attacks are due to a staff member falling for a well-crafted and opportunistic phishing email, where the most frequent themes are delivery notices and invoice payment requests. Staff need regular reminders of the need to exercise caution when opening email attachments or clicking embedded links in emails. If in doubt, delete the email, if it’s genuinely important the user will contact you in other ways if they do not receive a response. Regular education is required to make sure security is uppermost in the minds of staff.
- Use a dedicated anti ransomware solution such as Sophos Intercept X to stop ransomware from encrypting your critical files. Intercept X not only automatically stops ransomware attacks as soon as they’re detected, but rolls back damaged/encrypted files to known and safe states as well. Additionally, the Root Cause Analysis feature provides forensic-level analysis that highlights and reports on the root causes of attacks and their infection paths. This means you will immediately know from which devices on your network the attack originated from and allow your IT department to quickly eliminate the risk posed by that particular device.
- Have a robust backup/disaster recovery policy in place such as Microsoft Azure backup (in conjunction with Microsoft System Center DPM or Microsoft Operations Management Suite). Ransomware has the ability to encrypt files held on any network drives, shares and removable media so the implementation of a Cloud based backup policy that backs up to Microsoft’s Azure cloud is increasingly seen as an option to recover from traditional event based disasters such as fire or flooding but also from new threats such as ransomware and other cyber related attacks. If you don’t have a dedicated anti ransomware solution in place then sometimes the only way you can recover your business critical data from an attack is to restore from a Cloud backup.
For more information on these products, including how to license them most effectively for price and compliance in your organisation, why not call us – we are here to help on 01974 200 201 or email firstname.lastname@example.org