Printers are continuing to fall under the attack of the highly intelligent but destructive Ransomware. And just as the name suggests, the malware virus holds your files, servers and network hostage. Ransom notes appear across the network from the hacker, demanding money to be paid in Bitcoin in return for a decryption key that will disable the virus. However, there is no guarantee that the key will work or prevent further attacks.
A hacker may only demand for a couple of Bitcoins, but those coins could cost a company thousands of pounds.
If the worst does happen, you need to be prepared and you need a plan of action. There have been many stories in recent news about these new types of viruses doing serious damage to printing companies, and in honour of World Backup Day we've written a short guide on what you can do to stay safe, and how to overcome such a virus if you do fall victim to one.
First of all, make sure your backups are in order. We recommend having backups offsite and onsite to add another layer of security. Having your backups in order means that you know where they are and you can restore them quickly, as well as having tested them prior and that they work. This is very important. It's no good having backups that have gone offsite and you can’t get them back quickly or at all.
Once you have your backups sorted, you're now in the driving seat and in control.
We'd like to point out here that most Antivirus software do not stop this type of infection. Having a good backup plan AND a good restore plan doesn’t stop it, but it helps to stop the problem from getting worse. Ransomware, which is computer malware that secretly installs on a victim's device (e.g., computer, smartphone, wearable device), relies on you not being able to get the files back. It's Ransomware that is usually the culprit for most of these cyber attacks.
The worst has happened...
So, the worst has happened and your company network has been infected with a virus. What do you do now? We recommend to find the infected device(s), get your backups, clean the infection and find the source to prevent further damage. Ensure that everyone is working as quickly as possible.
Perform your manual scan on all potentially infected devices and servers as soon as possible and remove the network cable from all PCs until the scan is complete. Stop any remote access elsewhere until you scan and remove the infection, and you are 100% confident that your network is clean.
Reset all of your passwords, remove and reconfigure shares, and restore your files.
What have we learned, and what advice can we give?
Backups are your main line of defense. Test and check your backups and how quickly they can be restored. Consider systems that are critical that don’t get backed up.
Good antivirus stops most viruses, but cannot protect you against this type of threat.
Make sure user accounts are reviewed and old accounts removed.
Good strong passwords should be used.
Disable macros in word and excel documents.
Do not have old insecure Operating Systems on your network (XP/ Windows 2003)
Anti spam protection is essential.
Web Filter protection is essential.
Plan ahead for this scenario. Time to recovery is key.