Ransomware Protection

Ransomware is now an all-too-real threat to businesses, governments, and individuals worldwide. Some precautions are more effective than others. To date, Just Fix IT customers have not lost a single file after ransomware encryption.

The dangers with ransomware are threefold.

  • Ransomware is designed to completely encrypt a victim’s file system, potentially causing an irreversible loss of data and paralyzing the business.
  • Cybercriminals use ransomware to extract money from victims, relying on elaborate botnets to send demands without fear of reprisals.
  • An increasing number of cases are moving to “extortionware”, in which large-brand businesses are threatened that the breach will be publicly revealed or a copy of the data made public, turning it into a privacy and public-relations nightmare.

Some 2020 reports have shown that ransom demands for businesses can average $13,500 for each incident, with businesses in some instances willing to pay close to a million dollars to decrypt their data.
The threat is only growing. A survey by The Beazley Insurance Group, for example, found that small-to-midsized businesses were at the greatest risk. The highest ransom the company paid out for its clients in 2019 was over $930,000.

Head offices are affected not just by the ransom cost, but also by the lost productivity and the cost to rebuild afterwards. In June 2020, Honda Global Operations servers were compromised, affecting 220,000 employees (https://www.bbc.com/news/technology-52982427), and the City of Baltimore local government was impacted for over a month, costing $18 million to restore and clean up, even though the ransom was set at Bitcoin valued at only $76,000.

Ransomware is so devastating because, before they start encrypting the server data, the hackers typically erase server backups remotely and delete the shadow copies stored in Windows Server buffers.

Just Fix IT has created this Top 10 list of defenses against ransomware to safeguard our customers’ data.

Preventing the attack:

The ideal goal is to prevent ransomware from gaining access to your network and computers.

Step 1 – Lock the front door. Front-line workers are bombarded daily with spam and phishing emails that automate cyberattacks on a massive scale. The JFx Security package provides a solid baseline to ward off attacks through a combination of ESET Enterprise Antivirus, JFx Spam Filtering and regular phishing awareness training.

Step 2 – Lock the rear door. The external gateways into your business network need special security attention. Just Fix IT provides a JFx Managed Firewall equipped with next-generation AI to detect and filter threats based on the most up-to-date detection algorithms, keeping you ahead of external hacks and port-based attacks.

Step 3 – Don’t forget the staff-only entrance. Remote access to your network can be effectively managed by our secure add-ons. Safeguard your off-site worker connections by using the JFx Private Cloud RDS gateway to avoid brute-force attacks. Update your password usage policies in the Windows Domain to shut down external access after 5 wrong attempts. Just Fix IT can help you deploy two-factor authentication to all remote access platforms to neutralize the danger of breached credentials.

Step 4 – Keep your software patched. Software manufacturers provide regular security patches and bug fixes, and it can be hard to keep on top of them. But cyber-criminals take advantage of newly announced vulnerabilities in software to find ways to deploy worms and viruses that will break through network protections. The JFx Healthcheck monitoring and support tool allows each workstation and server to be centrally managed with a prescribed automated patching schedule, minimizing user impact and ensuring compliance.

Step 5 – Restrict Administrator access. Ransomware looks to gain Administrator access in order to make systemic changes to the server files or operating system. Just Fix IT will help you review your user accounts and create Security Group access controls to restrict Administrator accounts to only those functions that need them. Just Fix IT techs use support portals protected by two-factor authentication and limit support functions to the IP addresses of certain JFI Helpdesk locations.

Step 6 – Restrict the ability to load software. By deploying Secure User Profiles or end-point software, you can limit the ability of rogue software (freeware or malware) to be installed.

Step 7 – Move your treasure to the JFx Private Cloud. If you move your critical server apps and files to run on a private cloud server and create separation between end-user devices and the apps they use via Remote Desktop Services, the company data is no longer within reach of malware running on the local hard drive of a workstation. Should a workstation become encrypted by an external party, no company data or server is exposed.

Minimizing the ransomware breach:

The impact of ransomware can be reduced if backups are safe and if the breach is detected before any damage is done.

Step 8 – Protected Offsite Backups. Ransomware will aim to delete backups before running encryption. Just Fix IT has evolved the cloud backup solution to separately partition live and backup data using different credentials, creating a further barrier to criminals if an on-site breach ever occurred. The backup images are not directly accessible from the internet and are spanned across redundant datacenters.

Step 9 – Streamline your restore process. Just Fix IT can provide a full rebuild of your servers from the nightly server backup image files. The backed-up server files can be restored individually by folder, or the whole server can be rolled back to a set date. In a disaster, it can even be transferred into our JFx Managed Server environment to run as a temporary hosted server. We encourage our customers to test the restoration annually to ensure the process is well documented and the restore time is as short as possible. We aim to restore all server data in 4-8 hrs, depending on the customer’s server hardware and internet speed.

Step 10 – Real-time security experts. Just Fix IT monitors our managed servers and uses ESET enterprise security software, which creates alerts for detected dangers. The Advanced SIEM and real-time network monitoring included in the JFx Security Plus Package is available for customers with specific compliance or cyber-security needs. This uses server logs and network traffic patterns to detect a security breach mid-flight based on threat patterns and then to trigger action from the Security Operations Centre (SOC) of our security partner. Responses can include limiting access across server shares, the targeted blocking of hacker traffic via firewall updates and rolling back encrypted files or changed permissions from shadow copies.
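The log-based, mid-flight detection described in Step 10 can be illustrated with a small sliding-window rule. This is an added example, not Just Fix IT's or its security partner's tooling: it flags any account that writes or renames an unusually large number of distinct files on a share within a short window. The record format, account names, window and threshold are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse(line):
    """Split one record: ISO timestamp, account, action, path."""
    ts, user, action, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), user, action, path

def detect_mass_modification(lines, window=timedelta(seconds=60), threshold=25):
    """Return {account: time of first alert} for accounts that write or rename
    at least `threshold` distinct files inside one sliding window."""
    recent = defaultdict(deque)          # account -> (time, path) inside window
    alerts = {}
    for ts, user, action, path in sorted(parse(l) for l in lines):
        if action not in ("WRITE", "RENAME"):
            continue                     # reads alone do not damage data
        q = recent[user]
        q.append((ts, path))
        while ts - q[0][0] > window:     # drop events older than the window
            q.popleft()
        if user not in alerts and len({p for _, p in q}) >= threshold:
            alerts[user] = ts
    return alerts

def build_sample():
    """Constructed audit records (not real logs) for three assumed accounts."""
    base = datetime(2020, 6, 9, 9, 0, 0)
    lines = []
    for i in range(10):                  # alice: one save every two minutes
        t = base + timedelta(minutes=2 * i)
        lines.append(f"{t.isoformat()} alice WRITE //fs01/finance/report{i}.xlsx")
    for i in range(40):                  # svc-scan: 40 renames in 40 seconds
        t = base + timedelta(minutes=5, seconds=i)
        lines.append(f"{t.isoformat()} svc-scan RENAME //fs01/projects/doc{i}.docx")
    for i in range(100):                 # bob: heavy reading, no modification
        t = base + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} bob READ //fs01/public/file{i}.pdf")
    return lines

if __name__ == "__main__":
    for account, when in detect_mass_modification(build_sample()).items():
        print(f"ALERT {when.isoformat()} {account}: mass file modification")
```

In practice the threshold needs tuning per share, and known bulk writers such as backup or migration jobs need an explicit exception so the alert stays actionable.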

We are pleased to offer you cost-effective security solutions that use some or all of these Top 10 defenses to keep your company systems safe from ransomware and cyber-threats.

Talk with a Professional

Don’t hesitate to reach out and contact us directly. One of our team members will be happy to get back to you and start working with you to find the right solution for your company.