
[UPDATE] How to prevent gpg.exe (crypto ransomware executable) from executing on users machines. Add this GPO to your necessary organizational units.
Over the last couple of years we have heard about organizations attacked by crypto ransomware. Earlier this year, we heard about a hospital that was attacked and paid the ransom. Yesterday, we have found this effort has been stepped up and popular websites are becoming carriers of the crypto ransomware via advertisements.
The original method of attack was via e-mail. If the person receiving the e-mail clicked on the link, ransomware would attack both the computer and any file servers that computer and user had access to. Attempting to stop these threats prior to reaching the end-users is becoming increasingly more difficult.
The attackers know that it only takes one user to click on that link and they can effectively render an entire fileserver useless, depending on the rights the employee has for on the server. For every file and folder that user has access to, ransomware can now encrypt that data.
The latest reports show that e-mail wasn’t good enough. They are now using popular websites advertising links to inject their malicious code. This is called malvertising. Since advertising is often in a place that sees high volumes of activity, this can quickly affect many users and computers in a short period of time.
There are a few ways to help reduce the risks to you and your organization. One, reduce the amount of ad clicks, much more difficult to prevent I realize, but reducing or eliminating clicking on advertisements would be highly recommended. Another method is to increase the frequency of your backups. Doing so would not prevent the attack from occurring but could reduce the severity of the attack. The last advice and more difficult to implement is reducing the rights users have to file servers. This isn’t an easy task by any means, but perhaps now is the best time to have a review.
As you might have already guessed, this is all about backups. National Backup Day was just a few days ago, on March 31, and I know that millions of individuals and businesses still aren’t adequately backing up your files.
3-2-1 Rule
As we are all familiar sometimes things just go wrong, no rhyme, no reason its just part of life! Backups are essential for this reason, among other things! Have you heard of the backup method called the 3-2-1 Rule? While it isn’t my idea, I have worked to implement this method both professionally and personally, many times. The thought process behind the 3-2-1 Rule is relatively simple: 3 copies, 2 formats and 1 of the copies must be off-site.
3 Copies = Redundancy!
What we are protecting by using this method is your data! Three copies does seem to be a bit much, but I’m sure you’ve all had a time or two you thought your data was saved or couldn’t find it when you went to restore your file(s). This ensures that at least one of those backups is still valid.
2 Formats = pick your flavor, any flavor!
DVD, CD, SSD, NAS, SAN…it is completely up to you! But pick TWO! Please do not store two of your copies on the same format. If that device goes down, you are now down to your last resort! Speaking of last resort, lets talk about that…
1 Off-Site = Yes, a different physical location!
The 1 is for a single copy of your data to be store at an off-site location. Whether this is at different geological location or in the cloud is up to you. Whatever you do, make certain you have a single copy of your data backed up in a different location. There are quite a few online backup services out there, and I would definitely recommend something that is known for security, if you choose to go this route!
Even working in this arena professionally, it can be difficult to first implement and then follow through with a backup solution and I’ve recently been reviewing some new online backup solutions. Currently I’m investigating Tresorit which is a service that prides themselves on security. They have invited hackers to hack into their systems. As of yet, not one has been successful. I will be trying their software out over the next few days to see what I think, and I’ll post an update down the road with my thoughts!
Hopefully this is one more nagging reminder that entices one or two of you to put a backup solution into place that’ll work. If so, then this post is completely worth the time and effort! 🙂
I welcome your questions and comments!