The FBI has made us aware of a “credible” ransomware RYUK threat to anyone in small and medium business institutions, especially anyone in or associated with healthcare.
To keep this sort of disaster out of your network, consider the following:
1. Keep educating your users about the latest phishing threats. A significant proportion of ransomware attacks begin with a foothold gained by the crooks through fraudulent web links or attachments sent unsuspectingly via email. Consider phishing education tools that allow you to test and educate your users with realistic but fake phishing emails, so they can make their mistakes with you and not with the crooks.
2. Regularly review your remote access portals. Shut down remote access tools you don’t need, pick proper passwords, and require the use of Two-Factor Authentication (2FA) whenever you can. One forgotten or incorrectly configured RDP server, or one SSH account that’s been phished and isn’t protected by 2FA may be all the crooks need to initiate their attack.
3. Patch early and patch often. Patches aren’t just for internet-facing servers. Criminals identify and exploit buggy software inside your network to make a bad thing worse by expanding what’s called the surface area of an attack.
4. Don’t ignore the early signs of an attack. If your system logs are showing an unusual pattern of threat detections – malware apparently launched from inside the network, or sysadmin tools turning up where you wouldn’t expect them – don’t delay, investigate immediately.
5. Consider getting help if you need it. Experts such as the ISM Security Team, which works in conjunction with the Sophos Managed Threat Response and Rapid Response teams, can jump in at short notice when you spot trouble. We help out (or even take care of the whole thing for you) when you simply don’t have the time or staff to investigate in detail yourself.
6. Give your staff a single phone number or email address where they can report trouble. Equip your staff to be the eyes and ears of your security team and they’ll help you catch attacks sooner. Ransomware crooks don’t send one “phishy” email to one person and then move on to another company if it doesn’t work. The sooner someone says something, the sooner you can take action, and you decrease your chances that anyone will be affected.
Remember, your company data is one of your most valuable company assets! For anyone concerned (and there should be a lot of you), we recommend an advanced live monitoring solution for at least the next 6 months. This is a 24×7 live human monitored solution, that communicates 24×7 with our team, AND eliminates any possible threats.
Most ransomware gets installed and surreptitiously watches your network anywhere from a month to 6 months, deletes backups, exports data, “reads” your accounting value, “reads” your cyber liability coverage documents, then encrypts your data and machines and asks for a ransom with a “live” hacker at the controls during the encryption and ransom period.
If you’re in need of our 24x 7 monitoring solution or have questions, please contact us today at email@example.com or (406) 443-8386.