Hey, how are you doing, my name is Peter Jobst and I’m your IT consultant, and today we have a kind of scary topic that we’re talking about is how to protect yourself from ransomware attacks and before we get to that don’t forget to subscribe to our channel and like this video if you like the content and leave your comments down below. We are always making new content from the comments that you guys leave below, thank you so much for that and let’s get into it.
So let’s just talk about: what is ransomware? Ransomware is an attack that has come up in the last five probably about five years or so it’s become very powerful and very popular and very devastating to companies. And what it is, is an attacker gets through some sort of open port on your network, they get access to your network and they encrypt all of your files so that the files still exist but you cannot access them without getting a key. And if you got onto your system and it says you’ve been checked by ransomware and if you want your files back then you have to pay ransom usually it’s in some sort of bitcoin and they want you to pay so that they’ll give you the key to unlock your files and this is obviously devastating because your servers still exist but all the data on it is is unreadable to you because all the files are encrypted and there’s not much you can do to get to get them back unless you’ve done some things ahead of time and we’re going to get to these right now.
Here’s the number one thing I always talk about, and this is the simple things that we do in life to protect ourselves. That is, keep your operating system up to date, so many times attackers are looking for companies who have known vulnerabilities (and those are things like operating systems not being up-to-date) and they go take advantage of those known vulnerabilities in either a Microsoft system, an Apple system, or maybe even a Linux system, and they go look for a system that they already know the vulnerability and how to get into it, and then they go hack that because they already know how to get into it. And then they leave you a nasty little note that says you gotta pay us to get your files back, and believe me it is a nasty note and you don’t want to see it on your network. So keeping your system up to date is like one of the basic steps that you need to do to protect yourself from even getting hacked in the first place.
Number two, and I’ve seen this a few times in the last two years, I think it’s going on right now with all the COVID happening right now, it seems like hackers are really on the prowl right now and they know that people are kind of working from home and things are a little bit more relaxed or lax on the security side. So I want you to protect yourself from this. And this is to close off any open ports from the outside the number one hack that we’ve seen is people who leave Microsoft RDP open to the outside world. Now, back 10 years ago, maybe 20 years ago this was a very popular thing to leave RDP open to your server so that you could remote control into your server. Well, there’s a known vulnerability in RDP and I’ve seen this happen twice already that customers’ entire networks have gotten encrypted because they got into the server through RDP and then encrypted everything on their network and they got that message.
And we’re going to get down here a little further here so if they do get onto your network and start encrypting things, something that you might want to do is you might want to limit your user access to network shares. So if somebody, if a hacker gets in through an email and they get to a user and let’s say a user gets a “uh hey here’s your invoice you forgot to pay” Excel file in an email and the user double clicks on it and they open it up and they’re like “I don’t know what this is doing” and in the background it’s actually going through on their local system and on any network shares and it is encrypting those files one by one as they go. Well if you limit the access of the network shares that that user has to, the thing is that you can limit the damage that ransomware is doing. If the hackers have access to everything they will encrypt everything. So a good rule of thumb is to limit users access to network shares and not allow one person to have access to everything. You want to really segment it off and only give people access to the things that they need to have access to.
Okay, number four: this is very critical and we see this a lot and this has protected a lot of our clients so I want to share this with you. Number four is use a firewall with IDS (intrusion detection system) and IPS which is intrusion prevention system. So both of these two are new features of higher-end firewalls that usually come along with a subscription. And the IDS is actually out there trying to find out if a hacker is repeatedly hitting an open port or searching a bunch of ports or trying to do some sort of MySQL injection. It will identify that somebody’s trying to hack into you and it will actually usually send you some sort of alert that says, “hey some unusual activity’s happening that you should go investigate what’s going on.” Sometimes you can find it and you can find that there’s a specific IP address that’s trying to hit all these different ports and trying to probe your network to get in, and what you want to do is you want to block that user from accessing your network or you know even being able to ping it or being able to just scan anything from the outside inside. Now the next part of it is the intrusion prevention system and this is more of a control system where it’s looking at what kind of ports are open and is looking to prevent it from happening. And it is a control of an access system, and it can kind of tell whether something is going across multiple levels to try to get access to data. And this is probably the most critical one: so there are times if you were to get encrypted, and you have the choice of: do I pay the hackers the ransom to get my data back, my files back, or in the much better case, that you can restore from a backup, and this is the best case because you can circumvent any of this stuff and you can say “I don’t care you encrypted my stuff, yeah it was mean, but I took care of my systems beforehand and I had backups going, and not only that but I had three different kinds of backups going” because maybe the hacker got in and they saw that you had a backup drive connected to your server, maybe they encrypted that, maybe they saw that you had another system that was connected for backups and they encrypted that, or maybe they even went and deleted it maliciously, and you then have the third one that’s going to save you. So, the types of backups that I highly recommend is that you use different kinds of backups, like we use something called Veeam backup which does snapshots. We also use a Windows local backup, and what we do is we have local backups that stay right on the server and can be restored from easily. We also have weekly offsite backups and these are like the old school USB, take them home, something happens to the building, the most that you’re going to be losing is usually like one week worth of stuff. And here’s a real savior, is the cloud backup with versioning. And the key in here is versioning. If you use a product like Carbonite backup and your server gets attacked by ransomware and it starts to encrypt the files, all those changes are going over to Carbonite at the same time and there’s other versions, like there’s other companies that also do cloud backups and you can kind of pick whichever one you want, I’m just talking about carbonite today. There’s also Crashplan is one of them and there’s other ones out there, but the key is the versioning. Because if you have a backup system that does versioning, when you make a change to a file
it’s like oh well there was a version number one and version number two version number three and along came the encryption and it made a version number four. When you go to restore it rather than having to restore every single file what you can do is you can just restore the version and in that way you can actually recover
your data very quickly.
So there’s other things that can be done but these are kind of the top five things that I wanted to share with you today to protect your office, your servers from ransomware, and you know we’re seeing a lot of this right now, and I want to share this with you and make sure that you’re protected out there. So thank you so much for listening to me talk today, I hope you found this interesting and if you have any questions leave your comments down below. We’re always looking for those comments and questions and we can always do some more videos on that but go ahead and protect yourself, I don’t want to hear any stories about how you got hit by ransomware and didn’t follow these steps 🙂
And if you do, and you did follow these steps, please let us know and let us know how your recovery goes. Thank you so much again, my name is Peter Jobst, I’m your IT consultant and I want you to have a great day. See you later!