Last week I got face to face with a rather ugly beast in my environmental habitat. I, an occasional technical engineer unknowingly bumped into a network infected with a nasty virus: Cryptowall. Never heard of it? Bless you! But don't let it pass to your attention that quickly.
Cryp to what? Cryptowall?
So, what am I speaking about? Cryptowall is a new variant of the viruses that encrypt your data and afterwards bribes you to pay for the unencryption of your data. The documents that you saved on your computer all of a sudden are no longer opening and you may lose important data.
We all know we shouldn't save our data locally but on a server or at least have a copy. But, there is no guarantee that when your computer gets infected, your server, or at least the documents you copy to the server, are not getting encrypted also. After all, your computer has an access to this server, so the virus installed on your computer has as well.
Backups are not enough
You have backups, you say? What if tonight your already encrypted document overwrote the good backup you made only yesterday? And who says that when you find out a document is encrypted, this only happened yesterday? These viruses tend to play their role in the background, and may be encrypting documents for some days or maybe even a week before you bump into it.
Prevention is the way to go
So, what can you do? First off all, it is better not to get infected rather than having to "heal" from a virus. Therefore it is important to invest not only money but also time in the security of your system. You already have a anti-virus installed on your computer you may say? That's a good start. But I also would like to speak about the security of your network, and not only your local computer. On top of that, a good firewall will help to protect your network against malicious attacks. ,
Yet technical solutions are not everything. A good and clear policy existing of who can access which system is not just handy. You are not only in need of granting people or systems access to needed systems, but also blocking access to unneeded systems is important. Next to that it seems that a lot of computer systems that are daily used are not up to date. Think about all organizations that are still use computers running Window XP or people that still use servers on Windows Server 2000, operating systems that are no longer supported by Microsoft itself for a while now. The best thing is to get around the table with your IT-specialist and to speak about these threats.
Security starts with the users
It’s important to train your users in how to use their computers. Some simple actions can make it a lot more difficult for a virus to spread into your network. For example: a lot of computers are not up to date because "running these 25 updates will make me be late" so people tend to choose to shut down without installing updates. These security updates are made for a reason... Train your users to react properly on malicious mail, the medium viruses like these are being sent into our virtual world. How can you know an email is malicious? Here are some quick golden rules:
- Are you getting newsletters from a service you didn't subscribe to? Delete the emails
- Are there a lot of obvious grammar or spelling mistakes? Delete the email.
- Emails are written in a way to make you tend to open an attachment? Delete the email, especially when the file in the attachment is a zip-file.
When you are following the rules written above, also make sure that, when in doubt of an email (when you do not know the sender) you don't download the images. Images can be used to hide code in them, downloading the image may make your email-client run the code inside them.
Train users to read messages instead of clicking ok until the message disappears. Train them to know which sites they can trust and next to that, learn them to not just clicking only "Next" during installation. A lot of adware is getting installed with the user’s permission because we do not read those setups.
When you are keeping these things in mind, it will be a lot harder for viruses to exploit your network. It is one of the easiest options to help you to avoid getting infected and losing a lot of confidential information.