Don't Be Held Prisoner

By Jason Roberson
Director of Lumber and Building Materials
Rader Solutions

I hate to write this and sound as if Chicken Little is telling you that the sky is falling.  I wanted to issue a warning on something called Ransomware.  You might ask, “Ransom what?” 

Ransomware is a type of malicious attack on a person or companies computers that locks up data.  The organization that does this then requires you to pay them in electronic currency to unlock your files to get them back.  It’s a ransom of your data from criminals.  The people who are creating these attacks are from a foreign country, almost untraceable, and are making a great deal of profit doing this.  The FBI has seen a significant increase in this type of attack in 2015 and into 2016. 

It’s really a nasty thing and if the attack gets by your security it really complicates your operations.  I wager that if you asked around in your LBM round tables or to friends in other markets someone will have a story about an attack.

The malicious attack generally comes from an email with an attached file that is opened, that file then installs and starts locking up files on the PC.  It may also come from web pages that ask you to download an open a file.  Once the malicious software is installed on a PC on the network, the software will look for other vulnerable machines on that network to attack including servers.

So how do you prevent it?  Let me list out a few things that will help you prevent and mitigate this attack:

  1. Educate yourself and your team.  This is the most important prevention.  Have them be suspicious of any emails that have attached files.  Just don’t open any attachment to an email regardless of who it’s from.  Be suspicious of websites that ask you to run a file.  Talk about this at your next company meeting.
  2. Back up your data.  The attack generally focuses on files on the PC or Server itself.  Keep files offsite on a server or cloud drive that are incrementally backed up.  Have your Tech Company or IT manager verify these backups are working.  Also do not keep important files on your local PC without an active backup.   
  3. Make sure all of your PC’s and Servers are updated to the current releases from Microsoft, these must have recent software updates applied.   Get old out of date PC’s off your network.  Also each PC should have reputable antivirus running, licensed, and updated with the latest definitions.
  4. Verify that your ERP servers do not allow software installation by normal users.  Only the administrator can do so and few if any people have this password.
  5. Your business should have a firewall in place that protects your network.  Have your Tech group make sure it is updated with the current firmware and that it has current licenses actively protecting outside attacks. 
  6. Make sure your Email is being actively filtered on the server level before it is delivered to your network.

I wanted to mention that this type of attack is becoming more and more sophisticated. Ransomware is just one of many type of malicious attacks that are targeting businesses. Regardless of what kind of attack it is, it is an interruption to your business. Anything that slows down or stops your business from operating is expensive.  Be on your guard and good luck!