Unfortunately, we are seeing an uptick in opportunists using COVID-19 ransomware attacks against customers in many different industries. Ransomware attacks encrypt all files on your network, leaving you with no recourse but to rebuild your system or, in the worst case, to start over.
How To Protect Your Business From Opportunists And COVID-19 Ransomware Attacks
There are some steps you can take to protect yourselves that we wanted to share. Encompass would be happy to assist you with any of these conversations. We have experience working with customers who have had to recover from critical system failures, up to and including rebuilding systems from scratch. We are happy to share our thoughts on how to harden your own systems to ensure this does not happen to you.
Backups. Make sure you have a backup plan in place, that it is running, and that it has been tested. Make sure your backups are not stored on your network. We have seen customers who followed good backup plans but left their backups on the network, and found that the backups were also lost to encryption. Make sure you have recent backups, that they are stored off-network, and that you periodically run a trial restore to confirm that the backups are indeed comprehensive. There may be critical components on other servers (custom reports, custom labels) that are not included in your backup plan.
Media and license keys. This is a great time to locate the media needed to install business-critical applications and to confirm that you have the appropriate license keys. Often the software was purchased many years ago, and with role changes in your organization, it may not be apparent that the media and keys are unavailable until they are needed.
Key reports. Frequently generate and store copies of critical reports, ideally both on paper and electronically, that can be used to keep your business running should the system need to be rebuilt. Aging Reports, Production Schedules and other critical reports can be automatically generated and sent to an email address so that they are on hand during a system outage.
Business Continuity plans. Make sure each department has ‘run on paper’ processes that can be used if needed – preprinted packing slip templates, inventory move templates, production data capture templates. These can be used while a system is restored, and can be re-keyed once the system is online to ensure accuracy.
Be proactive. There are things you can do to protect yourself from these kinds of attacks. Evaluate true failover systems that allow a shadow installation to come online if needed. Ensure you have multi-factor authentication configured for your email systems to prevent unauthorized access. Run anti-malware software on key servers that can detect mass file changes and quarantine the program responsible.
Recovery Documentation. Keep all documentation, receipts, expenses, emails, etc. for any legal or insurance needs in the future. Creating a folder within your email program and minimizing email subject threads are two tips for managing this process.
Quick Reference Guides. Have these created for your most critical servers and business applications. These might contain items like usernames and passwords, support contacts and other important information. Make sure to have these in printed format and kept in a secure location. Some companies put these in a fire-proof safe to protect from fire or flood damage.
Contact Financial Institutions. You will want to contact your financial institutions (credit cards, banks, retirement, etc.) to make sure they are aware of any suspicious-looking activity. The cyber crooks have your data and can easily decrypt it to gain important information.
User Education. Educate users to raise awareness of ways to prevent future disruptions. We often hear stories where an email appeared to come from a legitimate contact but later turned out to be a phishing scam to get a user to provide their username and password. Programs are available to help companies better prepare their user community.
Review Network Access. Regularly audit all network shares, user accounts, and security groups to close off any vulnerable access points.
Stop the Spread. Cryptoware and ransomware spread via network shares. Once this gets into your network, it can take over your entire business infrastructure. If you detect this is happening, immediately shut down all servers and/or pull the network cables. Doing so will increase your chances of recovering some of your data.
Contact Law Enforcement. This may not be the first thing on your mind; however, once you have stopped the ransomware from spreading, contacting your local FBI cyber criminal division is a necessary step.
Do Not Pay the Ransom. Whatever you do, if at all possible, do not send any money to the attackers. Doing so only makes you vulnerable to future attacks. Exhaust all your resources, backups, and data recovery options before paying any monies.
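The trial restore recommended under Backups above can be checked mechanically rather than by eye. The following Python is an added example, not Encompass's own tooling; the function names, directory layout and sample files are constructed for illustration. It compares a restore against a hash manifest taken at backup time and flags critical areas the backup plan never covered.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Hash every file under root at backup time; store the manifest off-network too."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict, restored_root: Path, critical: list) -> dict:
    """Compare a trial restore against the manifest and a list of must-have areas."""
    restored = build_manifest(restored_root)
    return {
        # Files the backup recorded that did not come back from the restore.
        "missing": sorted(set(manifest) - set(restored)),
        # Files that came back with different content (truncated, corrupt, encrypted).
        "altered": sorted(p for p in manifest if p in restored and restored[p] != manifest[p]),
        # Critical areas with no file in the backup at all: a gap in the backup plan.
        "uncovered": sorted(c for c in critical if not any(p.startswith(c) for p in manifest)),
    }


def demo() -> dict:
    """Constructed sample data: a tiny source tree, its backup manifest, a flawed restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src, rst = Path(tmp, "source"), Path(tmp, "restore")
        files = {"db/erp.bak": b"database dump", "reports/aging.rpt": b"aging layout"}
        for rel, data in files.items():
            for base in (src, rst):
                (base / rel).parent.mkdir(parents=True, exist_ok=True)
                (base / rel).write_bytes(data)
        manifest = build_manifest(src)
        (rst / "reports/aging.rpt").unlink()              # lost during restore
        (rst / "db/erp.bak").write_bytes(b"\x00garbage")  # unreadable after restore
        # "labels/" stands for custom labels held on another server, never backed up.
        return verify_restore(manifest, rst, ["db/", "reports/", "labels/"])


if __name__ == "__main__":
    print(demo())
```

Any non-empty list in the result means the trial restore failed: `missing` and `altered` point at the backup or restore job, while `uncovered` points at the backup plan itself.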
About Encompass Solutions
Encompass Solutions is a business and software consulting firm that specializes in ERP systems, EDI, and Managed Services support for Manufacturers and Distributors. Serving small and medium-sized businesses since 2001, Encompass modernizes operations and automates processes for hundreds of customers across the globe. Whether undertaking full-scale implementation, integration, and renovation of existing systems, Encompass provides a specialized approach to every client’s needs. By identifying customer requirements and addressing them with the right solutions, we ensure our clients are equipped to match the pace of Industry.