Protect Yourself from Ransomware - Security Awareness Message for June 2016

Ransomware, Photo credit Carlos Amarillo / Shutterstock

In the past couple of months we have seen a growing number of ransomware campaigns targeting healthcare(1) and critical infrastructure(2). This month’s security awareness message aims to address questions staff may have about how to protect themselves at home and at work.  Feel free to use the following text to spread the message in your organization, and to create a culture of security:

“You may have heard about “ransomware” in the news, and how cyber-criminals are targeting commercial organizations by spreading malware.  Did you know that your home computer may also be at risk?  This malware, when it is installed, works by locking (or “encrypting”) all the files on the computer and any other files that it can find through shared folders, and then demands payment to unlock (or “decrypt”) these files.  The ransom money is used to fund organized crime, and further encourages the proliferation of these types of attacks.

Here are some suggestions for how you can protect yourself from ransomware both at home and at work:

1. Always ensure that you have more than one copy of your important files.  That way if your hard drive is encrypted by ransomware you can wipe it clean and restore your files from backup.
2. Keep your backups in a safe location, offline if possible.  Do not store backups on the same computer, or on a network drive that is always connected.
3. Do not mount network shares or join a Windows Workgroup or Homegroup unless you absolutely need to.  Connect to the network share when needed, and disconnect when you no longer need access.
4. Keep your operating system and application software up-to-date by checking for and installing patches.  Ensure that your antivirus software is up-to-date and running.
5. Avoid logging in with administrator accounts.  Provision other users on your home computer with regular user access, not administrator access.

And, as always, your best defence is to never click on any link that you do not trust.

If you suspect that you have installed ransomware and your computer is being encrypted, then power off the computer immediately, disconnect the network cable, and call the helpdesk to report the incident and recover.”

Remember to include a link to your organization’s relevant policies for where and how to backup important company data on laptops and desktops, and reference the relevant sections

Here are some links to further reading:

• Microsoft Ransomware FAQ (for home PC users) https://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx
• FBI Warning on Ransomware https://www.fbi.gov/news/stories/2016/april/incidents-of-ransomware-on-the-rise/incidents-of-ransomware-on-the-rise
• Case Study (1):  Hollywood Presbyterian Medical Centre http://www.cbc.ca/news/technology/hollywood-hospital-hack-ransomware-trends-1.3462062
• Case Study (2):  Michigan Power and Water http://www.securityweek.com/michigan-power-and-water-utility-hit-ransomware-attack

This article first appeared on LinkedIn May 12, 2016 https://www.linkedin.com/pulse/infosec-awareness-message-june-protect-yourself-from-westgate

Follow me on twitter @AM_Westgate  

Ann-Marie Westgate is a Sr. Information Security Consultant with Digital Logic Solutions Inc.  Please contact us for information on how we can make your security awareness program easy.