Safeguard Your Files Against Ransomware
At Susan Bell Research our clients increasingly ask how secure our systems are. Can we encrypt data? Yes we can. Do we have a risk management policy? Yes we do. We are lucky that we have our own IT Security specialist 'on staff'. Les Bell, Adjunct Lecturer in Cryptography and Information Security at Macquarie University and member of the Optus Macquarie University Cyber Security Hub, has written this piece about how to protect ourselves from what is probably the biggest cyber security threat faced by small and medium enterprises in Australia: ransomware.
Ransomware is probably the biggest cyber security threat faced by small and medium enterprises in Australia. This malware typically poses as an email attachment - an invoice, or a fax from "your" fax server – and once a user naively double-clicks on it, it sets about encrypting your critical files with a randomly-generated key. After doing this, it demands a ransom - usually paid in Bitcoin or Monero cryptocurrency – in exchange for the key which will unlock your files. There are suggestions that state actors - specifically, North Korea - are behind some ransomware such as last year's WannaCry outbreak.While there is some honour amongst thieves, do *not* count on the extortionists sending back a key; several recent examples of ransomware, such as NotPetya or ExPetr, are not capable of decrypting the files, and are in fact examples of wipers - their goal is to inflict damage
While the best defence is to make frequent backups and store them offline - i.e. disconnect the external hard drive or disconnect from the cloud storage where the backup is stored - many businesses do no not make backups frequently enough or are lax about making them.
A recent update to Windows 10 has introduced a feature called "Controlled Folder Access" which can provide robust protection against most ransomware. It works by blocking access to folders containing important data and programs and then selectively allowing only certain programs to access those folders. It's a bit of a pain to set up, but once it's done, you're well protected against ransomware and wipers.
To enable Controlled Folder Access, open Windows Defender Security Center (its little shield icon may be in the systray at bottom right of the screen, or you can open Windows Settings, Update & Security, Windows Defender and click on "Open Windows Defender Security Center"). Now click on "Virus & threat protection" and in the middle of *that* page, click on "Virus & threat protection" (yes, you read that right). Scroll down the page until you find "Controlled folder access" and turn it on.
A couple of small links will appear; one allows you to specify additional protected folders, while the other allows an app to access a protected folder.
At first, you will get lots of warnings and will have to keep coming back to the "Allow an app" dialog in order to save work. But once this is done, you have effectively white-listed just a few trusted applications and your work documents will be safe from ransomware.
If you're at all lax about backups, Controlled Folder Access should be your first defence against ransomware.