Cyber Security



Ransomware

Ransomware is the generic name given to malware which encrypts files, making them unusable, and then demands payment to decrypt them again, usually in the form of crypto-currency. It is a huge problem the world over, affecting companies large and small, and people just like you and me.

From a technical standpoint it should be pretty easy to mitigate this problem: you just need to block certain file types from being used on your computer system. Largely speaking, and this is by no means a definitive list, this means the .xls, .doc, and .ppt file extensions. These file types can contain malicious code which, when executed, downloads the encryption malware and then runs it silently in the background. But here's the problem with this: too many people continue to use these file types even though Microsoft replaced them with safer alternatives way back in 2007. Regardless of this, AMITC still strongly recommends blocking these files when they arrive in the form of email attachments. This is easily achieved in Microsoft Exchange/Microsoft 365 and Microsoft Outlook, for example.
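The attachment check described above can be sketched as a filter over a raw email message. This is an added example, not AMITC's or Microsoft's code; it goes one step beyond the extension list by also flagging an attachment whose content starts with the OLE2 signature used by the pre-2007 binary Office formats, so a renamed file is still caught. The addresses, filenames and sample message are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Legacy Office extensions named in the article.
LEGACY_EXTS = {".xls", ".doc", ".ppt"}
# Signature that opens every OLE2 compound file, the container used by
# the pre-2007 binary Office formats.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def risky_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment that should be blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in LEGACY_EXTS:
            findings.append((name, "legacy extension"))
        elif payload.startswith(OLE2_MAGIC):
            # Extension was changed, but the content is still an OLE2 file.
            findings.append((name, "OLE2 content under another extension"))
    return findings


def build_sample() -> bytes:
    """Constructed test message: three attachments, two of which are risky."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    ole = OLE2_MAGIC + b"\x00" * 32  # header bytes only, not a real document
    msg.add_attachment(ole, maintype="application", subtype="msword",
                       filename="invoice.DOC")
    msg.add_attachment(ole, maintype="application", subtype="octet-stream",
                       filename="report.txt")
    msg.add_attachment(b"PK\x03\x04" + b"\x00" * 32, maintype="application",
                       subtype="octet-stream", filename="budget.xlsx")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"BLOCK {name}: {reason}")
```

The extension comparison is case-insensitive, and the newer `.xlsx` attachment passes because it is neither on the extension list nor an OLE2 file.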

If you absolutely NEED to continue receiving these risky file types via email through an Exchange server, then network administrators should consider implementing moderation, although this could obviously bring about questions regarding user privacy. If you do choose this course of action, then it is highly recommended to implement a "sandboxing" process whereby you open the suspect file in a secure, isolated environment where it cannot cause any damage.

If you are unable or unwilling to implement either of the above, then everyone in your organisation needs to be made cyber-aware. This is actually recommended regardless of whether you choose to block the risky file types or not, but it is vital otherwise. The first step on this course of action is training: send out information telling people what to look out for, deliver presentations, show videos. The next step is to test their awareness by conducting a phishing simulation in order to determine which users are likely to be "phish-prone". From here you can analyse the results and then conduct more training, repeating the cycle of training - testing - analysis on a regular, ongoing basis. You can read more about this process here.

The problem doesn't just stop at receiving these files via email though (although this is the most probable route). These files can be introduced into your system in any number of ways: downloaded from websites, shared via Dropbox/OneDrive/GoogleDrive, or via CDs and USB sticks plugged directly into your computers, to name but a few. Your cyber-awareness training needs to highlight all of these potential hazards.

Posted 15/12/2021