have been the victim of a ransomware attack in the last 12 months.¹

5 Prevention Tips

1. Use End-Point / Antivirus software to protect your system from ransomware. Turn on behavioral learning options or heuristic analysis in your end point protection. These help the tool possibly detect new variations of ransomware.
2. Patch & Update Software. Your operating system and applications all release new versions or patches to address attack vectors and software issues.  Please keep up to date with the new versions on your workstations and servers.  For credit unions, you should have a central system administering patches and reporting so you know the status of all your systems.
3. Back-up! Test your backups! Scan your Backups! Thankfully most credit unions have addressed backups in some form but ensuring those backups are good, easy to restore, and have a long enough retention period is extremely important. It is best practice to have some logical & physical separation between your production & backup systems to ensure the attack doesn’t impact your recovery systems. Having local backups and backups vaulted or copied to a remote site is a good way to ensure backups are separated from your production environment. Newer ransomware can stay dormant for long periods of time and could be not yet active in your backup files. Mounting backups volumes and re-scanning files with current antivirus definition can help ensure you have clean backups in the event of an attack.  This can be an automated process with many newer backup solutions.
4. Trust no email. Trust no website.  Teach your CU Employees about the risks. Any user account can be compromised and malicious links can be sent from the accounts of members, vendors, board members, friends, family, or co-workers.
   1. Never open attachments in emails from someone you don’t know. Criminals often distribute fake email messages that look very much like email notifications from your credit union, government, or legitimate business sites and services. These ‘phishing’ emails are still the primary source of an attack and they happen behind your firewall & perimeter defenses.
   2. Do not run files or approve installations from web sites. If you were not intentionally downloading new software as part of the IT department at your credit union, do not run or approve any download to run on your computer.
5. Disconnect an infected machine immediately. Ransomware tries to spread out through your environment, disconnecting a machine can help contain the damage. Many ransomware variants try to gain additional permissions to spread to new systems beyond the user’s normal permissions so take away your AD and servers as a target by disconnecting the infected workstation or server.

If you need help evaluating your current risk or addressing your IT infrastructure, Backup & Recovery, or security tools please reach out to us: info@pureitcuso.com

1-Source: https://www.malwarebytes.com/surveys/ransomware/