Computer viruses, malware, spyware, trojans, and other bad programs have been around for many years. They have destroyed computer systems and even caused hardware failures. Hackers use them to gain access to sensitive information, such as credit card numbers, Social Security numbers and personal information, or use the computer's resources to launch other attacks. We have seen in recent news reports that even large corporations with advanced security systems can be targeted and breached. Given the sophistication of these attacks, one can wonder what can be done to prevent viruses and hackers from causing problems for small businesses. The solution is pretty straightforward, but often not all measures are taken and a computer becomes vulnerable.
Preventing virus and hacker intrusion isn't just an IT problem; it is also a human problem. Users need to be aware of the threats and how they spread. Users' ignorance of how viruses spread is one of the best tools virus writers have for attacking computers. Recently I was discussing with a client a video that he wanted to download. When he clicked the download button on the web page, the virus protection system alerted him that he was downloading an infected file and blocked the download. I looked into the issue and found that the website had a banner advertisement that looked like a download link, but actually redirected the user to download a malicious software program on another site. This has become a common tool that hackers use to spread their programs. They actually pay for banner advertisements across the internet that trick people into going to their site and downloading the virus.
The latest, and one of the most malicious viruses I have seen, is called CryptoWall. This virus has been around for some time, but it has a new way to deploy itself that basically protects it from being detected by anti-virus software. Once installed, it searches for all files on your network, such as Word and Excel files, and encrypts them. The only way to decrypt them is to pay a ransom to the hackers, who then give you a key to decrypt the files.
So, how do you protect yourself?
1. Never install or attempt to install a program unless you specifically know who the software developer is. It is best to allow computer professionals to install programs on your computer systems so they can verify the authenticity of the software before installation.
2. Make sure you have good backup systems, including offsite systems, with retention policies that do not overwrite frequently. You can also enable Shadow Copy on Windows computers, which keeps changes logged on the local computer for some time and is basically a local backup of your files.
3. Don't run your normal user with administrative privileges, if possible, and leave User Account Control (UAC) enabled.
4. Finally, make sure you are running up-to-date anti-virus software on your computers and also an advanced firewall with active packet inspection systems.
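The following PowerShell audit is an added example, not part of the original article. It reads the current state of items 2 to 4 on one Windows PC without changing anything; the variable names and the layout of the report are choices made for this example.

```powershell
# Added example: read-only audit of checklist items 2-4 on one Windows PC.

# Item 3: does the logged-on user belong to local Administrators (SID S-1-5-32-544)?
# whoami /groups still lists the group when UAC has filtered it to "deny only".
$isAdminMember = [bool]((whoami /groups) -match 'S-1-5-32-544')

# Item 3: UAC is on when the EnableLUA policy value is 1.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uacOn  = (Get-ItemProperty -Path $uacKey -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA -eq 1

# Item 2: date of the newest Shadow Copy snapshot. Win32_ShadowCopy normally needs
# an elevated session; if the query fails the result is reported as unknown.
try {
    $snaps = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction Stop)
    if ($snaps.Count -gt 0) {
        $newestSnap = ($snaps | Sort-Object InstallDate | Select-Object -Last 1).InstallDate
    } else {
        $newestSnap = 'none found'
    }
} catch {
    $newestSnap = 'unknown (run elevated)'
}

# Item 4: anti-virus products registered with Windows Security Center.
# This namespace exists on client editions of Windows, not on Windows Server.
$av = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)

# Item 4: if Microsoft Defender is present, report how old its signatures are.
$sigAgeDays = $null
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    try { $sigAgeDays = (Get-MpComputerStatus -ErrorAction Stop).AntivirusSignatureAge } catch { }
}

# One summary object per machine; collect these centrally to spot outliers.
[pscustomobject]@{
    UserInAdministrators     = $isAdminMember
    UacEnabled               = $uacOn
    NewestShadowCopy         = $newestSnap
    AntivirusProducts        = ($av.displayName -join ', ')
    DefenderSignatureAgeDays = $sigAgeDays
} | Format-List
```

A machine that reports `UserInAdministrators : True`, `UacEnabled : False`, or no recent shadow copy is one to fix first. Offsite backups and the network firewall have to be checked separately, since this script only looks at the local PC.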
What happens if you get hit with CryptoWall? If you have good backups, it is best to wipe the computer clean and restore all files from backup. If you do not have backups, you are going to have to pay the ransom fee. There is no way to decrypt the files without paying the ransom. After the files are restored, make a good backup and reformat the infected computer. My position is that once a computer has been infected, there is no way to guarantee that it is restored to a clean state using virus removal tools, so it is best to wipe the system and start over clean.
Make sure all your users are aware of the threats! One computer that has access to network resources, like shared drives, can encrypt all the files on the network, not just the ones on that machine. This software is aggressive and will destroy as much data as possible in the shortest amount of time. Also, make sure that you do not allow guest computers on your corporate network. One infected guest computer can cause significant damage to your network.
There are ways to protect against all these threats. The best way is to have all your users educated to understand the damage they can cause. Hackers want whatever they can get, even money from a small business owner paid in ransom.