Watch out 2017! Ransomware is on the rise.

Public sector – Schools, UTC’s and Universities are the most vulnerable to threats from ransomware.

Whilst Universities and NHS Trusts have been hit by an unprecedented number of ransomware attacks in the last year, we saw a number of Primary and Secondary schools falling prey to attackers demanding a financial reward once their networks have been compromised.

How does my network get compromised?

For the most part, we’ve seen ransomware delivered through drive-by downloads – often impersonating a popular app, thereby increasing the chances that you’ll click on it. To avoid these threats, users should be very careful about what apps they install, and where they come from. Our advice, read the reviews on Google Play, and avoid side-loading from untrusted sources.

Like most computer viruses, ransomware often arrives in the form of a phishing email, spam, or fake software update – which requires the recipient to click a link or open an attachment.

All of your personal files will be encrypted and you’ll soon realise that the files you have been working on, no longer open as intended and the file extensions have been changed to something you are not familiar with. Your attacker will then demand a financial reward to decrypt them.

We recently experienced a new strain of ransomware that deletes the shadow copies of your files – which means that rolling back to recent versions of your data, are not possible anymore. There are said to be over 120 families of ransomware making their rounds and unless a good backup strategy is employed, your data will be lost!

Why are they targeting the public sector?

Two reasons:

• Vulnerability
• Value of information

The public sector is an easy target because safeguarding is important to all of its stakeholders – with protecting sensitive information being of utmost priority.

Joskos has to date been 100% effective in removing ransomware from our customers’ networks.

N.B. Researchers have seen a 3,500% increase in the criminal use of net infrastructure that helps run ransomware campaigns.

Coupled with a good backup strategy we are fast becoming experts in restoring your data after an attack.

Below are some good practice points to assist in awareness.

Prevention Efforts

• Make sure employees are aware of ransomware and of their critical roles in protecting the organisation’s data.
• Patch/Update operating system, software, and firmware on digital devices.
• Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
• Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
• Configure access controls, including file, directory, and network share permissions appropriately. If users only need to read specific information, they don’t need write-access to those files or directories.
• Disable macro scripts from office files transmitted over e-mail. Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).