Queensland Business Hit With Particularly Nasty Ransomware
We were approached this week by a Queensland-based business that had suffered a particularly nasty ransomware infection. The ransomware not only encrypted any files on mapped drives, it was also able to “browse” the network for any open shares and was able to encrypt files in those shares as well.
This unfortunately included the hard drive backup for all of their servers, which meant that when we came to try and help them, we weren’t able to restore their files or server images from the local backup. Fortunately, the level of infection they had was not catastrophic and they had a cloud backup in place, so we were able to restore the individual encrypted files from there and get them up and running again.
It was the first time we had seen this type of ransomware infection where it was able to not only infect mapped drives but also any shares on the whole network that the user could see and had access to.
For network administrators and IT departments, there are two things that make this particularly scary. First, many businesses back up to a folder on a disk that is shared on the network. Those folders are typically not locked down, so if this ransomware can find one, it will encrypt the files in it. Second, the ransomware was able to encrypt the backups themselves. Backup software typically creates a proprietary file type that is used only by that software, but these latest types of ransomware can encrypt any type of file. They intentionally make exceptions for the system files the computer needs in order to operate, because they don’t want to cripple the computer and leave you unable to pay the ransom.
So how can you improve your level of protection and minimise the impact?
- Give users access to only what they need
- Lock down any open network shares holding information that would have an impact if it were encrypted
- Secure your backup storage with credentials
- Set up a cloud backup or, if that’s not practical, a backup that you can take off-site
- Use our 5 Tips on How to Spot a Malicious Email (http://www.suretyit.com.au/blog/5-tips-on-spotting-a-malicious-email/)
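One way to check the first three items on a file or backup server, as an added example that is not part of the original post: a PowerShell audit that lists shares where a broad group can write at both the share level and the NTFS level, which is the condition that let the ransomware reach the backup folder. It assumes a Windows server with the SmbShare module and an elevated session; the list of "broad" principals is an assumption to adjust for your domain.

```powershell
# Added example: find SMB shares on this server that broad groups can write to.
# Assumption: which principals count as "broad"; edit to suit your environment.
$broad = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', '*\Domain Users')
$writeData = [int][System.Security.AccessControl.FileSystemRights]::WriteData

function Test-BroadPrincipal([string]$Name) {
    foreach ($pattern in $broad) {
        if ($Name -like $pattern) { return $true }
    }
    return $false
}

# -Special $false skips administrative shares such as C$ and IPC$
$findings = foreach ($share in Get-SmbShare -Special $false) {
    # Skip shares that are not backed by a folder (for example printers)
    if (-not $share.Path -or -not (Test-Path -LiteralPath $share.Path)) { continue }

    # Share-level grants that allow a broad group to modify files
    $shareWrite = Get-SmbShareAccess -Name $share.Name | Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and
        "$($_.AccessRight)" -in 'Change', 'Full' -and
        (Test-BroadPrincipal $_.AccountName)
    }
    if (-not $shareWrite) { continue }

    # Effective access is the more restrictive of share and NTFS permissions,
    # so also look for a broad write grant on the folder's own ACL.
    $ntfsWrite = (Get-Acl -LiteralPath $share.Path).Access | Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $writeData) -and
        (Test-BroadPrincipal $_.IdentityReference.Value)
    }

    [pscustomobject]@{
        Share       = $share.Name
        Path        = $share.Path
        ShareGrants = ($shareWrite.AccountName -join '; ')
        NtfsGrants  = ($ntfsWrite.IdentityReference.Value -join '; ')
        Writable    = [bool]$ntfsWrite   # True: open at both layers
    }
}

# Shares writable at both layers first; a backup target should never appear here
$findings | Sort-Object Writable -Descending | Format-Table -AutoSize
```

A share that shows `Writable = True` is reachable by any user account matching the broad groups; for a backup folder, replace those grants with a dedicated backup service account.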
It’s obviously to everyone’s benefit that the ransomware is stopped, either by the cyber security technology that you’ve put in place in your business or by your users’ awareness of cyber threats. However, if you do get an infection, you need to ensure that its impact is minimised as much as possible and that you are able to recover from it. Backups and securing your resources and data are a critical part of ensuring this happens.
About the Author
Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience, having created customised, stable, well-performing systems both for multi-national companies in the UK and Australia and for Surety IT customers.
Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support, which are: Poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.
We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.