In today’s modern climate, every computer should have an effective, up-to-date and comprehensive anti-virus software package running on it. This is particularly important for computers that connect to the internet but it is also important that all other computers are protected.
Viruses have evolved, and virus writers now use sophisticated techniques to access vulnerable computer systems for malicious purposes. The threat landscape is continually changing, and it is imperative that your company has comprehensive protection in place to keep your data and systems safe. Viruses themselves are just one of many threats; others currently include ransomware, Trojans, botnets, other malware, phishing and identity theft. Today’s threats are driven more by criminal intent.
SM Computer Solutions can help you protect your systems and recommend anti-virus products that we have found to be effective and secure over the years. We also take time to assess your anti-virus needs before recommending the most appropriate product for your system.
If you’ve picked up a virus or your systems have been attacked, we can also help with recovery.
Call us to discuss how we can help protect your systems.
Why do you need protection against ransomware? Well, there are actually two different types of ransomware: encrypting ransomware and locker ransomware.
Encrypting Ransomware: This encrypts files on the system and demands payment for the key to decrypt them.
Locker Ransomware: This locks the user out of the operating system. You will not be able to reach the desktop or any apps or files. Nothing is encrypted, but the attacker will still demand a ransom to unlock the infected computer or device.
Some attackers will not unlock or decrypt your files even if the ransom is paid. We encourage you not to pay ransoms, as this only encourages and funds further attacks. Never give out personal information in response to a suspicious message, including over the phone. In serious cases you will not be able to regain access to your files after a ransomware infection: modern ransomware is hard to reverse, which makes recovering files and devices complicated and sometimes impossible. Company devices need to be protected and employees need thorough security training to ensure that ransomware never makes its way onto any device. All of this is needed to ensure that valuable stored data is not lost forever.
Stop ransomware with Sophos’ Intercept X, combining deep learning with best-in-class anti-exploit technology, CryptoGuard anti-ransomware capabilities, root cause analysis, and more to give you the industry’s most comprehensive endpoint protection. Sophos XG Firewall protects your perimeter by integrating the exploit prevention and CryptoGuard protection technologies from Intercept X. These capabilities identify malware exploits and ransomware before they get onto your network. Combined with XG Firewall’s Intrusion Prevention System, you get protection from endpoint vulnerabilities as well as network vulnerabilities.
Instant Threat Identification and Isolation with Synchronized Security
Get better protection against advanced threats and spend less time responding to incidents with Sophos Synchronized Security. Synchronized Security brings Sophos’ best-of-breed products together to detect and prevent advanced attacks. It isolates infected endpoints before the threat can spread, slashing incident response time by 99.9%. You can identify the source of an infection on your network and automatically limit access to other network resources in response until the infection is cleaned up.
Protection of Encrypted Traffic
Sophos XG Firewall ensures that encrypted traffic in your network does not remain a blind spot by offering fully transparent SSL scanning, enforcement, and protocol validation. SSL decryption securely intercepts and decrypts SSL traffic to allow deep scanning for security, compliance, and policy checks, with policy-driven opt-outs that preserve privacy for sensitive traffic. Protocol enforcement for encrypted connections identifies and blocks unwanted traffic trying to bypass filtering or traffic shaping.
Use the latest version of your security software
Install the most recent version of your security software, as many infections occur because outdated solutions remain in place. If you have a valid ESET license, updating to the latest version costs nothing. If you are still using ESET Endpoint Security versions 3 or 4, we strongly recommend updating to the newest, 6th generation of our business products, which applies the latest technologies specially crafted to improve client protection from malware that uses obfuscation and/or encryption to stay undetected. Examples of these technologies include Advanced Memory Scanner, which looks for suspicious behavior after malware decloaks in the memory, and Exploit Blocker, which strengthens protection against targeted attacks and previously unseen vulnerabilities, also known as
Keep your security software’s virus database up-to-date
New versions of ransomware are released frequently, so it is important that computers and other company devices receive regular virus database updates. Among other precautions, this helps to ensure they are not vulnerable to ransomware infections. ESET products check for updates every hour, provided they detect a valid license and a working Internet connection.
Enable the ESET LiveGrid® cloud protection system
Unknown and potentially malicious applications, and other possible threats, are monitored and submitted to the ESET cloud via the ESET LiveGrid Feedback System. The samples collected are subjected to automatic sandboxing and behavioral analysis, which results in the creation of automated signatures if malicious characteristics are confirmed. ESET clients learn about these automated detections via the ESET LiveGrid Reputation System in a matter of minutes, without the need to wait for the next signature database update. If a process is deemed unsafe – such as deleting a backup – it is immediately blocked. It is important to note that ESET LiveGrid uses only hashes of suspicious files, never their contents, thus respecting the privacy of ESET customers.
Back up important data regularly
The single, best measure to defeat ransomware before it even starts its malicious activity, is to have a regularly updated backup. Remember that malware will also encrypt files on drives that are mapped and have been assigned a drive letter, and sometimes even on drives that are unmapped. This includes any external drives such as a USB thumb drive, as well as any network or cloud file stores. Hence, a regular backup regimen is essential, ideally using an off-site, offline device for storing the backup files.
Patch and update your software automatically
Malware authors frequently rely on people running outdated software with known vulnerabilities, which they can exploit to silently access company devices and their systems. Businesses can significantly decrease the potential for ransomware pain if they make a practice of updating company software and devices as often as possible. Some software vendors release security updates on a regular basis, but there are often “out-of-cycle” or unscheduled updates in cases of emergency. Enable automatic updates if you can, or go directly to vendors’ websites.
Pay attention to your employees’ security training
One of the most common infection vectors is social engineering – methods that are based on fooling users and trying to convince them to run executable files. By claiming to be a tracking notification email from a delivery company (such as FedEx or UPS), an email from their bank, or an internal company message such as New_Wages.pdf.exe, the attackers try to dupe employees to achieve their malicious goals. To prevent this from happening, employees should be trained not to open any unknown or suspicious email attachments, links or files.
Show hidden file-extensions
Ransomware frequently arrives in an email attachment with the extension “.PDF.EXE”. This counts on Windows’ default behavior of hiding known file extensions. Re-enabling the display of the full file extension makes spotting suspicious files easier.
Filter executable attachments in email
If your gateway mail scanner has the ability to filter files by extension, you may wish to block emails sent with “.EXE” file attachments, or those with attachments that have two file extensions ending with an executable (“*.*.EXE” files, in filter-speak). We also recommend filtering files with the following extensions: *.BAT, *.CMD, *.SCR and *.JS.
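The gateway rule just described (block “.EXE” outright, block double extensions that end in an executable such as New_Wages.pdf.exe, and block *.BAT, *.CMD, *.SCR and *.JS) can be expressed as a small attachment-name filter. This Python function is an added example, not ESET’s or SM Computer Solutions’ code, and the attachment names it runs on are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Extensions the guidance says to block outright (Windows ignores case).
BLOCKED_EXTENSIONS = {".exe", ".bat", ".cmd", ".scr", ".js"}
# Final extensions that trigger the "*.*.EXE" double-extension rule.
EXECUTABLE_EXTENSIONS = {".exe"}


def attachment_verdict(filename: str) -> tuple:
    """Return (blocked, reason) for one attachment name.

    Rule 1: two or more extensions and the last one is executable,
            e.g. New_Wages.pdf.exe (the "*.*.EXE" pattern in filter-speak).
    Rule 2: the last extension is on the block list.
    Only the file name is considered; any path prefix is stripped first.
    """
    name = PureWindowsPath(filename).name
    # Strip padding so "report.pdf   .exe" still counts as a double extension.
    suffixes = [s.strip().lower() for s in PureWindowsPath(name).suffixes]
    if not suffixes:
        return False, "no extension"
    last = suffixes[-1]
    if len(suffixes) >= 2 and last in EXECUTABLE_EXTENSIONS:
        return True, "double extension ending in executable: " + "".join(suffixes)
    if last in BLOCKED_EXTENSIONS:
        return True, "blocked extension: " + last
    return False, "allowed"


def filter_attachments(filenames):
    """Split a message's attachment names into (allowed, blocked) lists of (name, reason)."""
    allowed, blocked = [], []
    for fn in filenames:
        is_blocked, reason = attachment_verdict(fn)
        (blocked if is_blocked else allowed).append((fn, reason))
    return allowed, blocked


if __name__ == "__main__":
    # Constructed sample attachments from a fictitious message.
    sample = ["New_Wages.pdf.exe", "invoice.PDF", "setup.EXE",
              "update.js", "notes.tar.gz", "README"]
    ok, bad = filter_attachments(sample)
    for fn, why in bad:
        print("BLOCK", fn, "-", why)
    for fn, why in ok:
        print("ALLOW", fn, "-", why)
```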
Disable files running from AppData/LocalAppData folders
A notable behavior of a large proportion of ransomware variants is that they run their executable from the AppData or Local AppData folder. You can create rules within Windows or with intrusion prevention software to disallow this behavior. If for some reason legitimate software is set to run from the AppData rather than the usual Program Files area, you will need to exclude it from this rule.
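Before enforcing such a rule, it helps to see which processes in your environment already launch from AppData or Local AppData, so that legitimate software can be excluded. The following Python check, an added example rather than ESET’s or SM Computer Solutions’ code, applies the rule to constructed process-creation log lines in a hypothetical “timestamp|user|image path” format; the Vendor\Updater.exe exclusion is likewise hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Image paths under a user's AppData\Roaming, AppData\Local or AppData\LocalLow.
APPDATA_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\(roaming|local|locallow)\\", re.IGNORECASE
)
# Extensions treated as executables for this rule.
EXECUTABLE_EXTENSIONS = {".exe", ".scr"}

# Hypothetical exclusion: a legitimate updater that genuinely lives in Local AppData.
EXCLUSIONS = [
    re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\vendor\\updater\.exe$", re.IGNORECASE),
]

# Constructed sample log; format is "timestamp|user|image path".
SAMPLE_LOG = r"""
2024-01-10T09:12:03|alice|C:\Program Files\Common\editor.exe
2024-01-10T09:14:27|alice|C:\Users\alice\AppData\Roaming\svchost.exe
2024-01-10T09:15:01|bob|C:\Users\bob\AppData\Local\Vendor\Updater.exe
2024-01-10T09:16:44|carol|C:\Users\carol\AppData\Local\Temp\New_Wages.pdf.exe
2024-01-10T09:17:10|dave|C:\Windows\System32\notepad.exe
"""


def launched_from_appdata(image_path: str) -> bool:
    """True if the image lies under AppData and has an executable extension."""
    normalized = image_path.replace("/", "\\")
    ext = PureWindowsPath(normalized).suffix.lower()
    return bool(APPDATA_RE.match(normalized)) and ext in EXECUTABLE_EXTENSIONS


def flag_appdata_launches(log_text: str, exclusions) -> list:
    """Return (user, image path) pairs that violate the rule and are not excluded."""
    flagged = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _timestamp, user, image = line.split("|", 2)
        if launched_from_appdata(image) and not any(p.match(image) for p in exclusions):
            flagged.append((user, image))
    return flagged


if __name__ == "__main__":
    for user, image in flag_appdata_launches(SAMPLE_LOG, EXCLUSIONS):
        print("AppData launch:", user, image)
```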
Consider shared folders
Bear in mind that any company device infected by ransomware might also cause encryption of all files in shared folders to which it has write permission. For this reason, employees should consider which valuable and sensitive files they store on shared disks, as their data in these locations might get encrypted by malware, even though their computer wasn’t directly infected.
Ransomware often accesses target machines using Remote Desktop Protocol (RDP), a Windows utility that allows others to access desktops remotely. Cybercriminals have also been known to log in via an RDP session and disable the security software. It is best practice to disable RDP unless you need it in your environment. For instructions on how to do so, visit the appropriate Microsoft Knowledge Base articles.
Use a reputable security suite
Malware authors frequently send out new variants of their malicious code, trying to avoid detection, so it is important to have multiple layers of protection. Even after it burrows into a system, most malware relies on remote instructions to perform serious mischief. If you encounter a ransomware variant that is so new that it gets past antimalware software, it may still be caught when it attempts to connect with its Command and Control (C&C) server to receive instructions for encrypting files. ESET’s latest software suite provides an enhanced Botnet Protection module that blocks malicious traffic trying to communicate with a C&C server.
Use System Restore to get back to a known-clean state
If System Restore is enabled on the infected Windows machine, it might be possible to take the system back to a known-clean state and restore some of the encrypted files from “shadow” files. But you have to outsmart the malware and move quickly. This is because some of the newer ransomware has the ability to delete the “shadow” files from System Restore. Such malware will start deleting “shadow” files whenever the executable file is run, and you might not even know that this is happening, since executable files can run without the operator knowing, as a normal part of Windows system operation.
Use a standard account instead of one with administrator privileges
Using an account with system administrator privileges is always a security risk, because malware is then allowed to run with elevated rights and may infect the system easily. Be sure that users always use a limited user account for regular daily tasks and the system administrator account only when it is absolutely necessary. Do not disable User Account Control (UAC).