Ransomware attacks typically introduce malware onto a client workstation, either by directly exploiting a known vulnerability in the operating system or by persuading the user to execute a file carrying a malicious payload. The payload might be delivered as a mail attachment (e.g. CryptoLocker), via a compromised website, or over a direct network connection to the target computer (e.g. WannaCry).

Once the workstation is infected, the malware often enumerates every SMB file share that is accessible with the logged-on user's credentials. It then encrypts any user data on those shares with a key held only by the attacker. When strong encryption is used, it is very unlikely that the encrypted data can be recovered without this key. The user is presented with a graphical banner and/or text files explaining that the decryption key will be supplied on payment of an extortion fee.

The primary method of prevention is to maintain current, reliable, isolated backups of the user data. With a current backup, the user data can be recovered quickly without any need to decrypt the data or pay a fee. Of course, this relies on the backups being isolated from the malware itself, meaning a copy that an infected workstation cannot reach or overwrite. We recommend following the 3-2-1 backup methodology to ensure this: keep three copies of the data on two media types, with one copy held offsite.

Beyond backup protection, we can also reduce the likelihood of malware encrypting the data in the first place. Alongside traditional anti-virus products, file servers can be configured to detect suspicious patterns of file activity and automatically cut off a suspected malware process's access to the company data.

User Education
Training users to identify suspicious communications helps prevent them from opening infected mail attachments or visiting malicious websites. However, while this reduces the likelihood of a malware infection occurring, it cannot prevent it entirely. In all probability, an attack will eventually be successful, so we still need to plan for recovery as well as prevention.

The BridgeRansomBlocker toolset has been developed internally at Bridge Partners to help protect your file shares. It builds on Windows Server features to trap malware activity before it reaches the actual user data in the file shares. Monitoring and reporting complement this to confirm that the file blocking system is running correctly and that its detection rules are up to date.
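The kind of server-side trap described above can be built with the File Server Resource Manager (FSRM) role that ships with Windows Server. The following PowerShell is an added illustration written for this page; it is not part of the BridgeRansomBlocker toolset and does not show how that product is implemented. It assumes FSRM is installed, that the share root is D:\Shares (a placeholder path), and that the extension list is a small sample to be maintained from a current threat feed.

```powershell
# Added example (not BridgeRansomBlocker code): an FSRM file screen that
# blocks writes of known ransomware artefacts and, when one is attempted,
# removes that user's access to every SMB share on the server.
Import-Module FileServerResourceManager

# 1. A file group of filename patterns historically written by ransomware.
#    Sample patterns only; keep this list current from a threat feed.
$patterns = @('*.locky', '*.wncry', '*.crypt', '*.encrypted', '*HOW_TO_DECRYPT*.txt')
New-FsrmFileGroup -Name 'Ransomware Indicators' -IncludePattern $patterns

# 2. Actions taken when the screen trips. [Source Io Owner], [Source File Path]
#    and [Server] are FSRM macros expanded at run time.
#    The command action revokes the offending account's SMB share access;
#    it needs LocalSystem rights, and RunLimitInterval 0 disables throttling
#    so every violation is acted on, not just the first per hour.
$exe    = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
$params = '-NoProfile -Command "Get-SmbShare -Special $false | ForEach-Object { Block-SmbShareAccess -Name $_.Name -AccountName ''[Source Io Owner]'' -Force }"'
$block  = New-FsrmAction -Type Command -Command $exe -CommandParameters $params `
                         -SecurityLevel LocalSystem -RunLimitInterval 0
$log    = New-FsrmAction -Type Event -EventType Warning `
                         -Body 'Ransomware indicator [Source File Path] written by [Source Io Owner] on [Server]'

# 3. An active screen on the share root: the write itself is refused and both
#    actions fire. Placing the same screen on a decoy share that real users
#    never write to gives an early trip-wire with no false positives.
New-FsrmFileScreen -Path 'D:\Shares' -IncludeGroup 'Ransomware Indicators' `
                   -Active -Notification @($block, $log)

# 4. Verify the screen is present and active (part of the monitoring the
#    page describes; run this from a scheduled check and alert if it fails).
Get-FsrmFileScreen -Path 'D:\Shares' | Format-List Path, IncludeGroup, Active
```

The block action is deliberately blunt: it revokes share access for the account rather than trying to kill a process on a remote workstation, because the file server only ever sees the SMB session, not the client. Restoring access is a manual step after the workstation has been cleaned, and the Warning event written by the second action is what the reporting side should watch for.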

