8. How to Protect Against Ransomware

Stupid: trying to be your own cybersecurity expert. Irresponsible: trusting your IT person without a 3rd party audit. We'll give you the top 9 things to look for to know if you are properly protected!



In today’s episode Justin and Joe get into ransomware. We’re on episode 8 of Stupid or Irresponsible and for 7 episodes now we have been breaking down ransomware. In last week’s episode we talked about the ransomware attack on Garmin Connect; this week we are talking about one that is a little bit older (not making headlines anymore) but still very much out there in the wild: WannaCry ransomware.

In this episode we discuss...
  • What NOT to do if you want any hope of protecting against ransomware.
  • The background story of this virus (P.S. this is almost as interesting as the actual exploit itself)
  • How ransomware works - paralyzing machines and demanding a bitcoin ransom, with WannaCry jumping from one machine to the next
  • The 5 different stages of this malware's spread
  • Why cybersecurity researchers named the worm "WannaCry"

Not too long ago, the WannaCry ransomware attack was all over the news, infecting over 400,000 computers. The threat was fairly straightforward: Pay us or we’ll erase your files. 
 
Ransomware, like the WannaCry attack, works by encrypting your files to prevent you from using or accessing them. After your files are compromised, the hackers behind the attack then pop up a demand screen asking for payment within a set time frame (e.g., 72 hours, three days, etc.) in order to get the key to decrypt your files. WannaCry forced many business owners to lose data or pay up since there was no other way to decrypt the files – and many paid without getting their files back.

Obviously the best way to foil a ransomware attack is to be incredibly diligent about IT security, but with hundreds of thousands of new attacks being created daily, there are no guarantees that you won’t get infected. Therefore, it’s critical to maintain a full, daily backup of your data so you never have to pay the ransom – AND your backup needs to be a professional-grade backup that is impervious to ransomware, since hackers write their attacks to infect BOTH your PC/server AND your backups.


Show Notes:
  • 5:00 - Joe tells the story of WannaCry Ransomware 
  • 5:50 - How did this worm get the name "WannaCry"?  
  • 6:10 - The background story of this virus (listen - this is almost as interesting as the actual exploit itself!) 
  • 6:25 - How did this virus start? (Hint: your employees are your weakest security link!)
  • 6:50 – The different stages of ransomware: 
    • 1. Initial access
    • 2. Execution 
    • 3. Escalation 
    • 4. Defense evasion – hiding from your antivirus
    • 5. Then the exploit, the impact
  • Stupid: When it comes to cyber security, stupid is thinking you can DIY, thinking you can protect your business from these hackers by yourself. “Thinking you can do this yourself, that cyber security is a DIY type activity is flat stupid” - (16:00)
  • Irresponsible: Trusting your IT company / cyber security firm WITHOUT VERIFYING. - (16:55)
  • The DIY approach to security - we are going to talk about DIY first to make the point that we are giving this formula NOT as a formula to do it yourself, but to rate your current support system. Then, if these things aren't happening, you know you’ve got to do something different now! - (20:00)
  • 20:17 – If you can't easily answer these questions about the things happening in your company YOU HAVE A PROBLEM!
    • For example – Is your backup running? Are there test restores going on? 

  • Top 9 ways to protect against ransomware: - (21:40)
  • #9 - Data Backup (test restore) 
    • Have a solid backup - this used to be the #1 most important item on the list and the get-out-of-jail-free card
    • Now a backup alone is NOT ENOUGH!
  • #8 - Get a good, enterprise-grade firewall  
    • Get a good firewall that is current, with up-to-date security subscriptions and somebody monitoring it. Get a good firewall and make sure somebody's watching it.
  • #7 – Password Management in place  
    • (Listen to Episode 1: The Stupid things people do with passwords) 
  • #6 - Policies and Procedures
    • If your IT company isn’t doing this for you and doesn't have this in place, then you’ve got some questions to ask!
  • #5 - Two factor authentication (2FA) in place
    • If your IT company isn’t annoying you to death, then they aren’t doing their job!  
  • #4 - SOC 24/7/365 
  • #3 – Behavior-based anti-malware
    • You have to have behavior-based anti-malware in place, but all it does when it finds something suspicious is raise an alert. This goes back to our point that someone needs to be watching this, getting alerts all day every day!
    • Most businesses don’t have the capacity to do this on their own, both in time & expertise.  
    • Generally, this is something that is outsourced. 
  • #2 – End User Training 
    • This is the 2nd most important thing you can do, it is CRITICAL! (28:30)  
    • Things are changing every day. Something new is going on, something changed, hackers are getting smarter (28:30) 
    • Training your end-users and employees creates a culture of awareness and gives them a refresher.
    • Simulated phishing attack – we have a security piece that will send us a fake email that says click this link – when we do click on it, it locks our computer down and makes us take a training course
    • If you don’t have that in place you have questions to ask your IT company guys 
  • #1 - 3rd Party Review
    • This is the NUMBER 1 thing you NEED to do that is absolutely critical to protecting your network. Have a 3rd party audit and an extra set of eyes checking others' work. (30:10)