Good morning all,
Happy New Year to everyone! I hope that you all had an enjoyable and relaxing break.
One of our higher education brethren in California did not enjoy a nice break; Los Angeles Valley College was just hit with ransomware on their central servers which encrypted all email and shared files. This brought all operations to a standstill and unfortunately, because of a lack of security controls, the college forked out $28,000 in bitcoin in order to get back in business:
Ransomware is a serious threat — thankfully there are a few easy ways you can protect yourself from downtime and financial (and reputation) loss:
- Ensure you have backups of critical data on removable or offline media
Any departmental shared drives you use should be backed up on a regular basis to media that malware cannot access. This can be tape, a USB drive, or a hard drive that nobody has access to remotely. Your backups do no good if the malware can just encrypt and hold those files hostage too. And make sure to test your restore procedures every few months to make sure your backups can save you!
- Use Application Whitelisting
C&IT DeskTech began using application whitelisting after the “invoice.zip” outbreak to outstanding success. By only permitting software signed by known vendors (or manual exceptions by file hash), the initial malware that could encrypt all your files CAN NOT RUN. It’s hard to get infected when the OS refuses to run unknown software!
- Limit Administrator Privileges
This should be old hat right now, but it’s still important, especially for the people on this list — limit any administrative privileges to your accounts. This includes removing accounts from a computer’s local “Administrators” group, as well as using DIFFERENT accounts when YOU need to perform administrator actions. Best practice is for you to use one account for your day-to-day office work and to do a special “Run As” execution when running any administrative programs. This way, any damage caused by malware should be limited to just one computer or user profile instead of an entire network or domain.
As always, thank you for the hard work you do in keeping the university safe and secure from these electronic threats.