Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

What Can Law Firms Do to Fight Ransomware?

April 6, 2015

At the request of several folks, the following longish post provides (I hope) some guidance on how to fight ransomware, particularly for solo and small firms who cannot afford wallet-busting protection.

As you may have seen recently in the news, many computer networks across the world are under attack by a serious threat called “ransomware.” Two of the most notorious forms of ransomware are CryptoLocker and Cryptowall. These pieces of malware, and many variants, target computers running Microsoft Windows and generally propagate themselves through infected e-mail attachments. Once the infected attachment is opened by the user, the malware installs itself onto the host computer system. The malware encrypts files stored locally on the computer system as well as on any mapped network drives, such as those files on your server, connected flash drives and other external USB drives. The malware then holds your encrypted data ransom for a payment – e.g. “pay this dollar amount (usually several hundred dollars) to decrypt your data.”

There is no effective way to decrypt the files once encrypted (unless you pay the ransom – generally people have indeed been sent decryption keys, but there are no guarantees that this will happen). The only way to recover your data from this type of infection is to restore your data from the most recent backup. This process can be time consuming and expensive if you get infected with CryptoLocker, Cryptowall or one of their variants. Make sure your backup is properly engineered so that it too will not be infected!
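One way to check the backup point above, as an added example that is not part of the original post: a PowerShell script, run as the user who normally works on the machine, that reports whether a backup destination sits on a drive letter that session can reach (the local, mapped network, flash and external USB drives described above). The default path `Z:\Backups` is a placeholder, and the function names are made up for this illustration.

```powershell
param(
    # Placeholder backup destination: a drive-letter path or a UNC path.
    [string]$BackupTarget = 'Z:\Backups'
)

function Get-SessionDrive {
    # Win32_LogicalDisk DriveType: 2 = removable, 3 = fixed, 4 = mapped network.
    # External USB hard disks usually report as fixed (3), so they are included.
    Get-CimInstance -ClassName Win32_LogicalDisk |
        Where-Object { $_.DriveType -in 2, 3, 4 } |
        ForEach-Object {
            $disk = $_
            $kind = switch ($disk.DriveType) {
                2 { 'removable' }
                3 { 'fixed' }
                4 { 'mapped network' }
            }
            [pscustomobject]@{
                Drive  = $disk.DeviceID       # for example "Z:"
                Kind   = $kind
                Remote = $disk.ProviderName   # UNC path behind a mapped drive, else empty
            }
        }
}

function Test-BackupExposure {
    param([string]$Target, [object[]]$Drives)
    # Normalise so \\server\share does not match \\server\share2.
    $t = $Target.TrimEnd('\') + '\'
    foreach ($d in $Drives) {
        # Case 1: the target is addressed through a drive letter in this session.
        if ($t -like "$($d.Drive)\*") {
            return "EXPOSED: $Target is on $($d.Kind) drive $($d.Drive)"
        }
        # Case 2: the target is a UNC path, but the same share is also mapped.
        if ($d.Remote) {
            $r = $d.Remote.TrimEnd('\') + '\'
            if ($t.StartsWith($r, [StringComparison]::OrdinalIgnoreCase)) {
                return "EXPOSED: $Target is mapped as $($d.Drive)"
            }
        }
    }
    return "No drive letter in this session points at $Target"
}

Test-BackupExposure -Target $BackupTarget -Drives @(Get-SessionDrive)
```

The script only inspects drive letters visible to the logged-on user; a result of "No drive letter" does not by itself show that the backup is out of reach by other routes.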

While standard security suites provide a good measure of protection, they are not infallible. New variants of ransomware are cropping up daily.

As I say all the time, THERE IS NO SILVER BULLET THAT PROTECTS AGAINST ALL RANSOMWARE.

You might check out CryptoPrevent, software which offers the ability to prevent (in large measure) Windows computer systems from infection by ransomware. This software is relatively inexpensive, costing $15 or less per computer depending on the number of licenses needed. The configuration of this software has to be customized for each client, depending on the applications that will need to be allowed to run on your systems – this requires input from you. Still, it will take some amount of time and money as each computer is manually configured. Another “no software cost” alternative is to configure Windows policies to achieve the same operational restrictions that CryptoPrevent provides. CryptoPrevent is automatically updated, whereas the “no software cost” solution is static.

Sensei has now seen enough ransomware infections in our area that we are recommending that you invest in this software, which operates very differently from your current security suites. Please note that, if you accept this recommendation, you may get “pushback” from employees who are accustomed to installing any software they want. CryptoPrevent has proven to be quite effective by disallowing the installation and execution of software unless it has been whitelisted. We now regard the risk of infection as high enough that we believe this kind of precaution is warranted, even as we tell you that no solution has been 100% effective.

The most common way that businesses get ransomware? Employees click on an attachment or a malicious link in an e-mail. This brings us to another important point: One of the most often-overlooked aspects of an organization’s security readiness is end-user training. To help prevent these types of malware outbreaks, it is just as important that your employees know what not to click on as it is to have security software installed. We offer this training, as do many other IT companies. Check out the possibility of installing CryptoPrevent along with security suites, making it a part of your overall business information security protection, which also should include your firewall, IDS/IPS device, physical security, security awareness training, etc.

Sorry for the long post, but the number of law firms and businesses we've seen hit recently has raised the importance of addressing the growing threat of ransomware. It is a devilish adversary!

E-mail:    Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson