This is part of a series of interviews with Asigra Partners. In this post we’re talking with Greg Drumsta from tech42 about his experience protecting customers from ransomware and advice for preventing this type of attack.
SC: Tell us a little about yourself.
GD: My name is Greg Drumsta, and I am the Cloud Services Administrator of tech42 (@tech42llc). We understand that organizations need to keep their most important files both secure and accessible. Our focus is providing the most efficient technology stack for organizations to maintain high availability and mitigate security risks. We offer premium affordable services that enable our clients to get the most for their money from our Dunmore, Pennsylvania headquarters.
I am responsible for managing backup, anti-virus, Exchange, spam filtering and website hosting for numerous organizations. During my time at tech42, I have been able to restore files affected by ransomware encryption, saving many man hours of work for our clients. Along with my passion for technology, I am always striving to deliver quality customer service as a knowledgeable advisor to our clients.
SC: What are your experiences with helping clients protect their data against ransomware?
GD: One of our managed backup customers, an architectural firm, contacted us when 75% of the data across their file shares had been encrypted by ransomware. At that time in 2014, ransomware was a relatively unknown form of malware, so I had to familiarize myself with which file extensions this strain was targeting. As it turned out, many of the encrypted files were common Office formats like .doc and .xls. Asigra Cloud Backup™ gave me the control I needed to manually restore each affected file extension.
We were able to restore all of their files without the need to pay the ransom demand. The results would’ve been devastating to our client if they hadn’t had a backup, forcing them to repeat months of lost work and face the financial consequences of missing deadlines.
SC: Do you have any tips for organizations on how they can avoid ransomware altogether?
GD: Sure. I have 7 key points organizations should keep in mind to prevent this type of attack.
- Regularly back up important data
Data is the lifeblood of most organizations, and it can be difficult, if not impossible, to recreate original data. Computers can be lost, stolen, or destroyed in a fire or other catastrophe, so having a backup plan is essential to recover business-critical data. Besides scheduling automatic backups, it’s also a good habit to make extra copies of your personal or critical work data on a regular basis. This means copying your files over to a protected system that you can access when those files are needed.
The most commonly overlooked area when organizations are looking to create a backup plan is email. A lot of critical business information is contained in email alone, so being extra careful to include it in your current backup plan is a must. I’m a big fan of Asigra’s platform-agnostic solution, which helps organizations manage backup better than multiple point solutions, allowing backup for anything on any system.
- Tighter exclusions on antivirus software
Relying exclusively on antivirus to protect you from all threats is not enough, because it’s ineffective in spotting and stopping ransomware. Make sure you have an internet policy for web browsing that’s clearly communicated to your employees. It’s important to remember that the spam filter can’t catch every harmful email that’s aimed at your organization, particularly zero-day viruses.
I think all IT departments should prohibit illegal or non-compliant downloading of pirated materials in an Internet use policy. Such downloads can be major bandwidth stealers and may contain viruses.
- Double-check the email sender
Oftentimes, emails from people we don’t know can contain suspicious attachments, so looking at the email sender can help you identify whether an email attachment is malicious or not. Always check the “to” field to see if it matches the name it comes from. If it looks strange, check the IP addresses and MX record origin of the sender. There are many great resources online to check for IP origin as well. On the other hand, an attachment can be malicious even if you know the sender! If an email from someone you know is questionable, you may want to give them a call or ask them in person. If they didn’t in fact send the email, they’ll appreciate you notifying them that their computer or email may have been hijacked.
- Don’t click links in a suspicious email
If you are unsure, do not click the link in an email. As a best practice, hover over links to ensure they are going to the correct destination before clicking them. Also, headers may have strange IP addresses, meaning the email is coming from a different country, which is a dead giveaway.
- Don’t download questionable attachments
Generally speaking, reading the contents of an email is safe, but the attachments can be harmful. Even though many email servers will do most of the work in removing potentially dangerous attachments, you still have to be extremely cautious and never run an attachment unless you are absolutely sure of its origin.
- Maintaining up-to-date software
To prevent ransomware, make sure you have updated software, including your operating system, browser and any toolbar plug-ins you use. In addition, ensure that your antivirus software and firewall protection are up to date as well. A great way to ensure that your endpoint software is updated is by having a remote monitoring and management tool.
One major security risk that may occur with outdated backup agents is code exploitation, which can result in failed backups or backups that finish more slowly.
- Having both anti-malware software and software firewall
It’s always a good idea to have both anti-malware software and a software firewall set in place to identify suspicious behavior. These two layers of protection can significantly help strengthen your defense against new malware variants and emerging cyberattacks.
Having anti-malware software and a good anti-virus program in place that has an anti-malware component is a step in the right direction. Ensuring it is centrally managed and monitored by an administrator is also key, so that any issues are identified right away. Workstation software never replaces a traditional firewall; it only works in conjunction with it.
SC: Greg, thanks for your time today.
GD: No problem. If anyone is interested in learning more about how tech42 can help you mitigate the risk of ransomware or other forms of data loss, please contact us at www.tech42llc.com/contactus.