Ransomware – the extortion trojan
Ransomware is a type of malicious software that denies access to devices or encrypts data. The goal is to then demand a ransom from the victim for recovery. There are countless variants, which differ in how they spread, how they operate, and which encryption algorithm they use. Without sufficient security measures in place, every single one of us is a potential victim.
Good data protection can never be achieved through a single measure! A good technical organization is a prerequisite for the interaction of the protective components.
How do SOL-IT Cubes protect you from such attacks?
The SOL-IT Cubes’ innovative document management system locks the data in a safe, so to speak, and deposits it in a particularly secure part of the servers. Accessing the data from outside the server is only possible through the CuFiS service, which requires active user interaction via the SOL-IT Cubes®. This means that ransomware has virtually no chance, and neither do trojans that harvest data on a large scale and carry it outside. In addition, changes made to the data create new versions instead of altering the original file.
To achieve and maintain the optimal protective function, professional IT supervision is needed:
- Only enable the needed ports in the firewall
- Run the CuFiS service under its own dedicated Windows user
- Ensure that the CuFiS root cannot be reached via SMB/file share from other hosts, not even through “detours” such as subfolders
- Grant minimal rights on CuFiS-Root (SYSTEM and CuFiS-user is enough)
- Place the CuFiS server in its own network segment if possible, with ports opened through a firewall (e.g. Securepoint UTM)
- Virus protection on the server with central management/notification (take this threat seriously: a virus that has reached the server is a security breach. An infection report on the server should immediately be followed by hardening the security, while documenting the measures that have been taken.)
- Activate real-time protection and regular system and data checks. Detecting a virus only when it has reached the server is too late and an organizational flaw!
- Secure internet access through a UTM firewall, with content checked by virus protection at the gateway (the firewall) and by content filters (blocking at least what is classified as “danger”)
- Check incoming e-mails with virus protection in the POP3/SMTP proxy (e.g. a UTM firewall)
- No unprotected devices in the network
- No guest or staff devices within the internal network/WiFi
- Virus protection cannot be turned off by users
- Monitoring of terminal devices for intact virus protection and functioning updates
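
One way to audit two items of the checklist above (no SMB path to the CuFiS root, and only SYSTEM plus the CuFiS user holding rights on it), as an added PowerShell example that is not SOL-IT code. The root path and the service account name are placeholders to replace with the values of your installation.

```powershell
# Added example, not SOL-IT code. Both defaults are placeholders (assumptions).
param(
    [string]$CuFiSRoot      = 'D:\CuFiS-Root',                  # placeholder path
    [string]$ServiceAccount = "${env:COMPUTERNAME}\svc-cufis"   # placeholder user
)

$sidType     = [System.Security.Principal.SecurityIdentifier]
$allowedSids = @(
    'S-1-5-18'   # well-known SID of SYSTEM, independent of the OS language
    ([System.Security.Principal.NTAccount]$ServiceAccount).Translate($sidType).Value
)

# True when one path equals the other, contains it, or lies inside it.
function Test-PathOverlap([string]$Left, [string]$Right) {
    $l = $Left.TrimEnd('\') + '\'
    $r = $Right.TrimEnd('\') + '\'
    $l.StartsWith($r, [StringComparison]::OrdinalIgnoreCase) -or
        $r.StartsWith($l, [StringComparison]::OrdinalIgnoreCase)
}

$findings = @(
    # Checklist item: no SMB path to the root, not even via a parent or subfolder.
    Get-SmbShare |
        Where-Object { $_.Path -and (Test-PathOverlap $_.Path $CuFiSRoot) } |
        ForEach-Object {
            [pscustomobject]@{ Check  = 'SMB share overlaps root'
                               Item   = $_.Name
                               Detail = $_.Path }
        }

    # Checklist item: only SYSTEM and the CuFiS user hold Allow entries on the root.
    (Get-Acl -LiteralPath $CuFiSRoot).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $_.IdentityReference.Value -notin $allowedSids } |
        ForEach-Object {
            [pscustomobject]@{ Check  = 'Extra Allow entry on root'
                               Item   = $_.IdentityReference.Value
                               Detail = $_.FileSystemRights }
        }
)

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    'No overlapping shares and no extra Allow entries found.'
}
```

Run it from an elevated session on the CuFiS server; administrative shares such as `D$` are reported as well, since they give administrators on other hosts a path to the folder.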
We would gladly assist you as a consultant in matters of security and protection.