Ransomware
Ransomware has been a growing problem. This is a form of malware which encrypts your files and extorts money for the decryption key.
With the recent worldwide outbreak of the "WannaCry" strain of ransomware on the news, we've compiled some general tips on keeping your systems safe.
Ransomware Defense
Ensure Windows updates are enabled, and Microsoft security patches are applied regularly. The best way to do this is via automatic updates, or our managed patching service which controls reboots. In particular, WannaCry ransomware exploits a flaw in Windows that Microsoft patched a month before: Microsoft Security Bulletin MS17-010
Exercise extreme caution with email attachments. Do not open any attachment or follow any links in emails unless you are expecting it. It is not enough to recognize the name or email address of the sender, this can be spoofed. If possible, verify with the sender via another email or phone call that they did indeed send it.
Check your backups regularly. The only reliable recovery option if you do get infected by ransomware is to restore from backup.
Use enterprise-grade, up-to-date antivirus software. While antivirus software will not catch all malware (especially emergent threats), some protection is better than none. Enterprise software with a purchased subscription is generally more thorough and up-to-date than free versions.
If You Suspect an Infection
Shut off the computer immediately and disconnect it from the network.
Thoroughly examine your server shares and other computers on the network for encrypted files or ransom notes.
Be prepared to restore from backup.
Note: Paying the ransom is NOT recommended (see more details below). Ransomware is an act of extortion by criminal entities. There is no guarantee you will get your data back, and no recourse available to you to recover your money if you don't. In addition, you will be encouraging and bolstering the profitability of these schemes, of which you may again become the victim.
Resources