Ransomware fallout

In the past, I’ve spent a lot of time detailing the steps to take if your computer system is hit with a ransomware virus. This month’s article will take a slightly different slant. Since a few of our clients who didn’t have our complete suite of services were hit with ransomware over the last few months, I decided to do a postmortem after we recovered their files. Here are things they could have done to prevent a ransomware attack.

Restrict for Safety

Most dentists and staff use 5 to 10 computer applications to perform their jobs, with operating systems and software often left open. That means that applications also may be left running, even in the background, which leaves your practice vulnerable to zero-day or new malicious software, including ransomware. If you don’t restrict what can run, your computer system is exposed to vulnerabilities or misuse of legitimate software. Antivirus software only attempts to block the bad stuff, and it often fails. Start with a default-deny approach, which means unless you specifically allow an application, you deny it. New applications will be blocked regardless of whether they are known or unknown malware.

Lock Down Your Firewall

Leaving ports such as Remote Desktop Protocol (RDP) open to the internet is somewhat of a laughing matter on many social platforms and computer discussion sites. Although it is not so funny when you talk to businesses that have lost all of their data from a ransomware attack.

It is vital to lock down all direct connections to RDP or similar services. If you need to publish Remote Desktop Service, do so using a Remote Desktop Gateway server and protect the gateway with dual-factor authentication. There are many free dual-factor applications available. Duo, for example, takes no more than 20 minutes to install and is free for up to 10 users. There is no excuse to leave RDP open to internet. If it is open, shut it down now.

Add Additional Authentication

Our job as internet technology (IT) professionals is to protect your infrastructure, but far too often, our tools are being used against you. IT management, remote monitoring and management, and other similar tools are extremely powerful. They make the job of IT professionals easier, but when used by an attacker can also make it easy to deploy malicious software.

Add dual-factor authentication to your systems. Dual-factor authentication should not be considered enhanced security for IT or managed service provider (MSP) tools. It should be standard, especially because many platforms do not cost anything. Enable dual-factor authentication on everything. Far too many MSPs and IT departments are having their systems breached, including ConnectWise Control, Kaseya, GoToAssist, and TeamViewer. Do yourself a favor and turn on dual-factor authentication today.

Restrict User Access

It’s nice to trust your employees to not do something bad. However, many offices have colossal file shares that anyone can access. Even if you trust your employees, restrict access to files and folders based on what they need to perform their jobs. If an employee does somehow manage to run ransomware, at least the damage will be restricted to what that person can access.

Patch Your Computers

This should not be up for debate. Patch your operating system and third-party applications. You can have the best security software in the world, and, at best, it will be 75% effective if your computers are not patched and up to date. I have seen too many cases of old vulnerabilities, such as EternalBlue, used to create administrator accounts on servers and push out ransomware. Patching is not optional.

The steps I mentioned above are just the “low hanging fruit” of things you can do. In next month’s article, I will review some other lesser known, but still critical, steps to take.