It seems that the writers of WannaCry named their ransomware variant correctly. It certainly hit some areas hard, and the media fed the storm. The writers of this software introduced a significant flaw, and it was discovered quickly, but they will still earn over $40 million from this infection.
How do you get it?
- You clicked on a link in a phishing email
- You have not installed updates on your computer since March.
- Your computer allows .exe files to run from within your user profile
- Your computer allows .dll files to run from within your user profile
How we protect you from ransomware
(note nothing is 100% because the bad guys are always coming up with new tricks)
- We ask that you never say no to updates and that you install them immediately when prompted to do so.
- We ask that you allow us to schedule a lunch/learn with your staff to train them on how to recognize phishing emails and other threats
- We have a free license of security awareness software for you to use
- We install group policies to prevent the running of .exe and .dll from inappropriate locations on your computer
- We vehemently recommend that XP computers not have any access to the Internet
- We recommend two-factor authentication for remote access to the network
- We configure your backup so that it can only be written by a specific account that never logs in
- We recommend that no one have admin access to their computer
- We recommend that permissions to folders are minimized because if the infected computer user doesn’t have access to the data then the data doesn’t get encrypted
In 2013 we implemented the first ransomware protections on your network. Since then we’ve continued to modify them as the bad guys make changes to their methods. It is a game of cat and mouse which is why we’ve taken the stance that IT best practices are the best defense against ransomware.
These are most of the locations where our practices have been implemented. We make our policies available to anyone. Amy uses the funds generated to create a scholarship fund for women looking to prove their IT skills through certification.
What should you do now?
- If you haven’t installed updates on your computer, then do so immediately and always install them from now on
- Schedule security training with us
- Request your free license of security training software (1 per company)
- Don’t click on links. Go directly to the website instead
- Scan invoices, shipping notifications, resumes, legal notices…before opening them
- Don’t use Windows XP!
- Sit down with us to review the permissions on data folders
- Don’t get grouchy when we recommend non-admin access, two-factor authentication and other security measures. We’re just the messenger.
– Amy, president
About Harbor Computer Services
Harbor Computer Services is an IT firm servicing Southeastern Michigan. We work exclusively under contract with our clients to provide technology direction and either become the IT department or provide assistance to the internal IT they already have. We have won many awards for our work over the years, including the worldwide Microsoft Partner of the Year in 2010. We’re the smallest firm to have ever won this most prestigious award. Most recently we were recognized as one of the top 20 visionaries in small business IT by ChannelPro Magazine (2015), and in 2016 as the top Michigan IT firm for Manufacturing. There are a few simple things that make Harbor Computer Services the best choice for your business.
- We are Professionals
- We are Responsible
- We are Concerned About The Success of Your Business