This class of malware is a criminal moneymaking scheme that can be installed through deceptive links in an email message, instant message or website and can result in severe losses due to interruption of operations and loss of data.
Protect yourself and prevent occurrences:
- Have up-to-date anti-virus on all workstations/servers
- Retire any operating system below Windows 8.1
- Have a full set of backups – weekly and monthly at least and daily if required.
- Ensure that backups are retained that are NOT connected to or shared on your network
- Backups should only run AFTER malware scans to ensure that no infection is transferred to the backup sets
- Remember that NAS devices remain vulnerable to malware infection and require on-device prevention
- Never open files (including PDFs) from unknown sources
- Make staff aware of phishing and social engineering risks
- Ensure that Group Policy is set to restrict user software installations and block suspicious activity
- Ensure that all operating system patches/updates are current
- Change the username/password for the default administrator account
- Use passwords with a minimum complexity of six letters, two numbers and one special character
What to do if you are a victim:
- Advise your network administrator immediately.
- Do not switch off your computer (the decryption key may still be in RAM and recoverable)
- Do remove the network cable from your computer
- Check www.nomoreransom.org to see if a fix is available for the variant of ransomware that you have been infected with.