By Lysa Myers
It can often feel like every day brings news
stories about ransomware
attacks on businesses, particularly at hospitals
and schools.
While the life-or-death nature of hospital data might force some healthcare
organizations to accede to criminals’ demands in hopes of restoring access to
that data as quickly as possible, some schools are also falling prey to these
demands.
Paying criminals is never a good idea, even when it
seems expedient. Ransomware authors are under no obligation to actually give
you what you pay for, and there have been plenty of cases where either the
decryption key did not work or the ransom note never even appeared. Suffice it
to say that cybercriminals are not generally renowned for their excellent
software testing or devotion to quality customer service.
There are plenty of things that you can do now that
will help you avoid a school ransomware problem entirely, and there are even a
few things you can do that might help repair the damage so you don’t have to
fork over ransom money.
What makes schools unique?
In a way, schools are like small cities: they often
have healthcare clinics, stores, restaurants, sometimes even banks, plus they
have accountants, administrators, etc. They have various types of company and
personal financial data, healthcare information, student and staff records –
all of which are very sensitive and thus very lucrative to criminals.
Ransomware is a special situation within malware,
where data are not necessarily exfiltrated from a victim’s system (as with
other kinds of modern malware). Instead, access to that data is interrupted. If
you’ve ever had to deal with the disquiet of a student or teacher under
deadline, you know that while timely access may be less a matter of life and
death than in a hospital, it’s still absolutely crucial in a school.
And while hospitals are fairly limited as to which
devices are approved to enter the network, schools generally encourage their
users to bring their own devices. This brings a higher level of challenge, as
an untold number of unmanaged machines are connecting to the network each day.
What can you do about it school ransomware
Let’s start with the things you can do in advance
to help prevent malware from getting on your system in the first place, and to minimize
damage if it does happen.
Back up your data
The single most important thing you can do to
prepare for emergencies, including being affected by ransomware, is having a
regularly updated and secured backups.
Many ransomware variants will encrypt files on drives that are mapped. This
includes any external drives such as a USB thumb drive, as well as any network
or cloud file stores to which you have assigned a drive letter. So your backup
needs to be on an external drive or backup service, one that is not assigned a
drive letter, and that is disconnected from your systems and network when not
in use.
Keep your software up to date
Malware authors frequently rely on people running
outdated software with known vulnerabilities, which they can exploit to get
onto your system unobserved. It can significantly decrease the potential for
malware infection if you make a practice of updating your software often.
Enable automatic updates if you can, update through the software’s internal
update process, or go directly to the software vendor’s website. Malware
authors sometimes disguise their creations as software update notifications, so
by going to known-good software repositories you can increase the odds of
getting clean, vetted updates. On Windows, you may wish to double-check that
old – and potentially vulnerable – versions of the software are removed, by
looking in Add/Remove Software within the Control Panel.
Use a reputable security suite
It is always a good idea to have both anti-malware
software and a software firewall to help you identify threats or suspicious
behavior. Malware authors frequently update their creations to try to avoid
detection, so it is important to have both layers of protection. If you run
across a ransomware variant that is so new that it gets past anti-malware
software, it might still be caught by a firewall when it attempts to connect
with its Command and
Control (C&C) server to receive instructions for encrypting your
files.
Use the Principle of Least Privilege
The Principle of Least Privilege says that no users
or systems should have more access than is necessary to complete tasks that are
legitimately within the scope of their work. As a general rule, most users
should not have administrative rights on their machines, and should be limited
in their ability to access resources outside of their own purview. Students
should have different access levels than teachers, who should have different
access than administrators. Personal devices brought from home should also be
treated differently from machines that always remain within the school network.
If appropriate barriers are in place, you can slow or halt the spread of
malware.
Educate your users
While accidents do happen, it is important for all
of your users to understand what acceptable use of school resources entails.
This is something that should not just be done once at the beginning of the
year and forgotten by the time midterms come around, but is an exercise that is
revisited frequently. Posters or other educational materials can be displayed
prominently, wherever public computers or internet connections are available.
It is also imperative to encourage your users to let you know when an accident
has occurred, so that damage can be limited by quick corrective action.
Rewarding safer security behavior, including pointing out problems, can help
you to foster that encouraging environment.
The next few tips are to help you deal with the
methods that current ransomware variants have been using – these tips may not help
in every case, but they are inexpensive and minimally intrusive ways to cut off
access routes used by a variety of malware families.
Disable macros in Microsoft Office files
Most people may not be aware that Microsoft Office
Files are like a file-system within a file system, which includes the ability
to use a powerful scripting language to automate almost any action you could
perform with a full executable file. By disabling macros in Office files, you
deactivate the use of this scripting language.
Show hidden file-extensions
One popular method malware uses to appear innocent,
is to name files with double extensions, such as “.PDF.EXE”. This takes
advantage of default behavior within Windows and OS X of hiding known
file-extensions., Malware takes advantage of this behavior to make a file
appear to be one that would commonly be exchanged. If you enable the ability to
see the full file-extension, it can be easier to spot suspicious file types.
Filter EXEs in email
If your gateway mail scanner has the ability to
filter files by extension, you may wish to deny mails that arrive with “.EXE”
files, or to deny mails sent with files that have two file extensions, the last
one being executable (For example, “Filename.PDF.EXE”). If you do legitimately
need to exchange executable files within your environment and are denying
emails with “.EXE” files, you can send them within ZIP files or via cloud
services. Sending in ZIP files can also give you an extra layer of assurance,
as it allows you to choose an official, universal password for use within the
company, which can help you identify unofficial files.
Continued on :