One of the most insidious kinds of spam and malware that is currently active around the world is what is known as Cryptoware or Ransomware. This attack gets users to open a type of malware which starts working on the user's workstation to attack files with extensions from common document type software.
Files from Microsoft Office, Open Office, PDF or other popular types are located then encrypted using an encryption format that is controlled by the attacking virus. Once a single workstation is done, the software starts to migrate through the network and any attached shared file stores. When a certain time period is completed the software eventually pops up a screen to a user declaring that their files have been encrypted and if they wish access to them a payment must be directed to an account the designate.
This kidnapping of an organization's data is a serious problem especially if a large number of users are keeping their files in one location such is commonly done in the case of a networked hard drive or file share.
Any Kind Of Organization Can Be Attacked
Of course organizations are not simply sitting by waiting to be attacked. Unfortunately like many of these malware tools continuous changes are done to the attacking software to attempt to get by security software which IT leaders deploy to protect networks and files.
Often the means to enter the system is a user inadvertently clicking on what appears to be a legitimate attachment to an email or an embedded link which they have been directed to. Educating users to be cautious of all such events is a first line of defense, but it only takes one instance for damage to begin.
Security software is also another line of defense and it is a powerful tool when kept up to date and properly deployed.
Document Management As A Defence
Another tool which some organizations are using and which is being considered by more an more is the use of a cloud based Document Management System to replace the centralized shared drive file store.
With this solution the files which are being stored for the organization are moved to an external cloud based location where only the Document Management (DM) software and the organized document files reside. Since there is no shared drive relationship between the user work stations and the DM location there is no path for the malware to use to access the document files for encryption.
Users link to the files they wish to retrieve or view by browsing to a location on the DM server site but without a file share being in place. A much safer and more secure way to share information and for long term storage of important documents. The protection provided from ransom attack is of course only one of the many benefits that the DM can provide.
Of course this strategy is only one piece of a range of solutions which should be in place for good protection of important organization files. Security as an ongoing issue and one which takes regular analysis and continuous monitoring.
Ransomware is a plague for IT departments, organizations and users. Hopefully with diligence and effort the thieves who see this as a way to repeat ill gained wealth will gradually be eliminated or new tools will be found to kill their model. Until then organizations need to take the steps they can to protect themselves and their users to make their information safer and yet still accessible for legitimate users.
Take a look and consider your options.