To say ransomware is a growing threat is an understatement. With multiple public warnings from US and European law enforcement, a growing tally of high-profile incidents, and new guidance on HIPAA breach notifications, business leaders across industries are justifiably nervous. While there is no foolproof way to prevent an attack, there are measures you can put in place today to better defend against this new and very destructive type of malware. Additionally, when an attack does slip through the defenses, a quick recovery is possible if you have a solid remediation plan in place.
As the saying goes, ‘an ounce of prevention is worth a pound of cure’. With that adage in mind, here are a few practical guidelines you and your organization should implement today, to get the maximum ransomware prevention and recovery mileage from Syncplicity. Be sure to check out the links below for detailed instructions to implement these tips.
Back-Up Files in Real-Time
While there is no single solution for preventing ransomware attacks, a consistent recommendation from experts across the industry is ‘Backup, Backup, Backup’. For most enterprise users (and consumers), that’s easier said than done. It’s a behavior that often requires extra manual steps and backup jobs that usually never complete. However, with Syncplicity, continuous backup is easy and seamless. Files and folders are backed up automatically in real-time, meaning you start syncing all your folders just once and move on, eliminating worries about data loss.
Utilize Multi-Folder Sync
Our unique EFSS feature, Multi-Folder Sync, allows users to back up every folder on their desktop automatically. The design of this features allows users and admins to sync all files and folders in place without moving them to a “magic folder.” In the unfortunate event your company or a user is breached by ransomware, they have back-ups of every file in every folder on Syncplicity, not just the few files they remembered to copy to the single “magic” sync folder of other EFSS solutions.
We recommend that you educate your users to sync all their critical files and folders, including Desktop and My Documents. As an administrator, you also have the ability to proactively specify the sync of any desktop folders to ensure that your corporate users are safe.
Establish an Enterprise Retention Policy
The most common ransomware variants attack by deleting files and replacing them with renamed encrypted versions, or by retaining filenames and encrypting the contents in place. In both cases, Syncplicity retention policies will enable you to ensure the files can be recovered.
The Syncplicity deleted files retention policy allows you to retain deleted files forever or for a specified time period, so that your original files can be retrieved after they are deleted by ransomware. Administrators should also review your file versions retention policy which controls how long prior versions of a file are saved after they have been edited or overwritten.
Exclude Risky File Types
To contain and stop the spread of an attack, administrators can block problem file types from syncing. Syncplicity File Type Exclusion Policy gives you the ability to preemptively block known crypto document types, for example those with the .locky and .crypt filename extension, and also block potentially malicious executables such as .vbs, .scr, and .exe.
Eliminate or Reduce Email Attachments
Ransomware often enters a system via email when a user unknowingly sets it loose within the organization by opening an infected attachment. One way to reduce your organization’s risk is to train employees to use Syncplicity to share links to files rather than opening documents directly from their email clients. The Syncplicity Outlook Add-In automatically transforms email attachments to links or users can copy a Syncplicity shared link into the body of an email message.
Establish a Recovery Plan
The restoration process after a ransomware attack can be time consuming and costly resulting in significant business impact. The attackers are betting that you’ll pay the ransom to get business moving again. However, with Syncplicity, the most critical component of your remediation strategy, recovery of the locked files, is covered.
With your retention policies and multi-folder sync now in place, users can restore files to prior unlocked versions and restore deleted files using the Syncplicity interface.
Enterprises that have been hit with system-wide breaches impacting multiple users and thousands of files should contact Syncplicity for assistance.
As the ROI continues to be attractive for attackers, it will likely be some-time before the current wave of ransomware attacks subsides. By following industry guidance and the strategies outlined above you can avoid being the next victim in the headlines.