The on-going threat from ransomware and the recent high-profile outbreaks of WannaCry and Petyawrap viruses have focused attention on IT security. During the latest wave of ransomware attacks, one firm in South Korea ended up paying the largest ransomware demand in history – this has made the necessity of IT security all the more apparent to IT support, administrators and board-members alike.
In this article, we outline how Zynstra keeps our client’s IT infrastructure secure against ransomware attacks.
How Zynstra Protects You
Zynstra’s server provides multi-layered protection from a variety of threats and remediation capabilities in the event of a virus attack occurring.
These measures include:
- Automatically delivered monthly security updates to the server’s core services and network functions to remove known vulnerabilities.
- Hardened, single-purpose Virtual Machines which are scanned for vulnerabilities before every update.
- Scanning and filtering of WAN traffic to block threats at the gateway.
- Hourly user data snapshots stored locally and daily Cloud backups of the entire system to ensure data recovery is possible with minimal down-time.
Best Practices for Reducing Risk
In addition to these features, which go a long way to protect your server and data, we also advise businesses to follow these additional precautions to protect the rest of one’s IT network:
- Keeping client workstations, laptops and mobile devices up-to-date. Applying the latest operating system and application patches, particularly Windows updates, will minimize exposure to ransomware.
- All custom IaaS VMs should also similarly be kept up-to-date with the latest operating system and application patches.
- All client devices should run an anti-virus solution that is enabled and set to continuous automatic updates.
- Granting each of your IT users only the access rights needed to perform their role, following the principle of ‘least privilege’, reduces the risk IT threats. Specifically, minimize the number of users with the following types of privileges:
- Accounts with server local administrator and domain administrator rights.
- Remote administrator rights to servers who do not need those accounts for day-to-day activities on their client PCs. A separate account can be used for administration as and when needed.
- End user accounts with local administrator rights on their client devices. If this is required, they can have a separate local admin account they can use to carry out tasks that require elevated privileges as and when needed.
- Publish an IT usage policy with appropriate guidelines and training on IT use for all end users, including visitors.
- E-mail is one of the most common sources of virus infections. Taking care when opening attachments and links, especially from unrecognized senders, can help reduce this risk. In addition, a dedicated e-mail anti-spam/anti-virus scanning solution (either on-premise or cloud-based) will help minimize the number of harmful e-mails that reach your end users.
If you are Subject to an Attack
To date, all Zynstra servers have been able to protect themselves or successfully recover from a ransomware threat. However, with multiple systems and multiple potential routes in to your IT, you must be prepared to respond to an active attack.
If there is a rapidly spreading IT threat and you believe your IT system or data are at imminent risk, or you already have some systems affected, we recommend the following steps are taken immediately:
- Disconnect the LAN cable on your server, which will prevent any affected computers on the LAN from accessing data and VMs. Do not re-attach the LAN cable until devices on the LAN are clean or protected against the current threat.
- Keep the WAN cable connected, to allow your support team to remotely access the server via the encrypted management VPN.
- Isolate all at-risk and affected systems (client PCs and servers) by disconnecting them from the LAN. Do not reconnect them until they are clean or protected against the current threat.
- Any systems where an account with admin privileges is logged on should be logged off as soon as possible, and protected as a priority. Admin privileges can be used by some threats to rapidly propagate to other systems.
If you would like more details about Zynstra’s approach to protecting IT from threats, we have an upcoming webinar, in which we discuss strategies for keeping your IT both consistent and secure across all branches and/or offices.