Is Your Company Protected from Ransomware?

By Patrick Tamburrino

Think of it as a heist. Instead of force in exchange for your purse or wallet, it’s an attack on your confidential online files.

It’s called ransomware. Last month, a new form of ransomware called WannaCry interfered with Microsoft Windows-based systems to infect tens of thousands of computers in over 100 countries, including Memphis-based FedEx Corp. WannaCry has been called one of the worst and most widespread use of malware that security experts have ever seen.

Ransomware is currently one of the most profitable types of malware for criminal coders and a frequent disruptive IT risk for businesses across a variety of industries. Ransomware attacks grew to 638 million in 2016, compared to just 3.8 million ransomware attacks attempted in 2015, according to SonicWall.

The name ransomware is as serious as it implies; in place of holding a person or thing for ransom, the WannaCry ransomware locked up a computer’s files and mandated untraceable money to regain access of the files. While this high-profile, worldwide digital extortion hack crippled major governments and companies, it also hindered operations for many small- and mid-sized businesses here locally.

How to prevent being hacked

WannaCry spread through a Windows weakness known as Eternal Blue, which Microsoft released a patch for earlier this year. This particular ransomware traveled the Internet through vulnerable computers, meaning you didn’t have to click a phishing email to get infected.

Fortunately, the WannaCry virus did not spread on iPhones, iPads or macOS and is no longer spreading. However, it’s important to remember that these viruses are dangerous and there is no way to anticipate the next intrusive ransomware coming down the pike.

As such, businesses of all sizes are reminded to be vigilant and take the following steps to help protect against this and other potential infections:

• Confirm that your Windows devices are all current with the latest patches. Windows regularly comes up with new security updates, so check back in for those often and install as appropriate.

• Ensure that all firewalls are up to date.

• Make sure that specific rules are in place to prevent viruses of this type from entering your organization’s networks.

• Keep antivirus and anti-spyware software live, active, paid and up to date. Updated software can detect new threats that develop daily and also strengthen your overall Internet security.

• Always be careful when opening emails. If you suspect it’s strange, it probably is.

• Update your IT team. Let them know that you have appropriately marked suspicious emails as spam.

Patrick Tamburrino, the president of IT strategy, support and management firm tamburrino, inc. can be reached at patrick@tamburrino.com.