by Sheila Blackford ©2016
It is time to be scared about ransomware, but not paralyzed by fear. The bad news is that there are more cases of ransomware – malware that seizes control of your data, encrypts it, then demands a ransom to turn over the key to decrypt it – though many are finding that paying the ransom is no guarantee of getting the data back. The good news is that there are things you can do proactively to protect your data, and that is empowering.
The FBI requested that the ABA share Private Industry Notification cybersecurity alerts with the legal community. I want you to read this ransomware alert, then do at least one of its recommendations, but I honestly hope you will be scared enough to do them all. To sign up to receive future alerts, use this link to the ABA: https://shop.americanbar.org/eBus/MyABA/MyLists.aspx
“While the FBI normally recommends organizations invest in measures to prevent, detect, and remediate cyber exploitation, the key areas to focus on with ransomware are prevention, business continuity, and remediation.”
7 Prevention Considerations from the FBI:
1. Focus on awareness and training. Since end users are targeted, employees should be made aware of the threat of ransomware, how it is delivered, and trained on information security principles and techniques.
2. Patch the operating system, software, and firmware on devices. All endpoints should be patched as vulnerabilities are discovered. This can be made easier through a centralized patch management system.
3. Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.
4. Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary; and they should operate with standard user accounts at all other times.
5. Implement least privilege for file, directory, and network share permissions. If a user only needs to read specific files, they should not have write access to those files, directories, or shares. Configure access controls with least privilege in mind.
6. Disable macro scripts from office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full office suite applications.
7. Implement software restriction policies (SRP) or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder.
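Item 5 can be checked directly on a Windows file server. The PowerShell audit below is an added example, not part of the FBI notification or the original article; it is read-only and lists shares where a broad group holds write-level access at the share or NTFS layer. The list of "broad" principals is an assumption to adjust for your environment.

```powershell
# Added example: read-only audit for item 5. Run elevated on a Windows file server.
# Assumption: these principals count as "broad"; adjust the list for your domain.
$Broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
function Test-Broad([string]$Account) {
    ($Broad -contains $Account) -or ($Account -like '*\Domain Users')
}

# WriteData (0x2) plus GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000),
# which can appear in inherit-only ACEs instead of the specific file rights.
$WriteMask = 0x50000002

# Skip administrative shares (C$, ADMIN$, IPC$) and shares with no folder path.
$shares = Get-SmbShare | Where-Object { -not $_.Special -and $_.Path }

$findings = foreach ($share in $shares) {
    # Share-level permissions: Change or Full lets a client overwrite files.
    Get-SmbShareAccess -Name $share.Name |
        Where-Object { [string]$_.AccessControlType -eq 'Allow' -and
                       [string]$_.AccessRight -in 'Full', 'Change' -and
                       (Test-Broad $_.AccountName) } |
        ForEach-Object {
            [pscustomobject]@{ Share = $share.Name; Layer = 'Share'
                               Account = $_.AccountName; Right = [string]$_.AccessRight }
        }

    # NTFS permissions on the shared folder itself.
    if (Test-Path -LiteralPath $share.Path) {
        (Get-Acl -LiteralPath $share.Path).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           ([int]$_.FileSystemRights -band $WriteMask) -and
                           (Test-Broad $_.IdentityReference.Value) } |
            ForEach-Object {
                [pscustomobject]@{ Share = $share.Name; Layer = 'NTFS'
                                   Account = $_.IdentityReference.Value
                                   Right = [string]$_.FileSystemRights }
            }
    }
}

# Effective network access is the more restrictive of the two layers, so a share
# listed under both 'Share' and 'NTFS' is writable by that broad group.
$findings | Sort-Object Share, Layer | Format-Table -AutoSize
```

A share that appears at both layers is one where any account in that group, including one running ransomware, can modify the files; replacing the broad entry with the specific groups that need write access is the change item 5 asks for.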