Ransomware is becoming a huge problem in the corporate world as more and more companies fall prey to this heinous act of terrorism. One of the biggest disasters that could befall you as a company – or even specifically as a DBA – is to come in one day and discover your shop has been taken over and held hostage.
“Ransomware is a type of malicious software … that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.” – Wikipedia.org
There is no single step that can protect you from ransomware. Microsoft, and many others, have said for years that security is a layered process: never count on a single product, or a single avenue of protection. In this case they’re most definitely right…when ransomware slips past your antivirus software, you’re going to need another layer of protection to help contain it.
Today we’ll talk about an auditing layer, and how Minion Enterprise can help protect your shop from this vicious attack.
How ransomware works
Ransomware encrypts your files, then makes you pay to get them decrypted. But it doesn’t just take your workstation. It also reaches out to any network locations you have mapped, or that you’re simply using, or even sometimes locations that remain in cache…you don’t even have to be actively connected to them!
This happened to me once. Before ransomware was widely known, I visited a legitimate website, and my laptop became infected with ransomware. It then reached out and encrypted my OneDrive, as well as network locations I had connected to earlier that day.
Knowing this, we know that the first step is to lock down all of your server shares, and audit them to make sure permissions aren’t expanded again. For a home office like mine, this is fairly simple. But for a large shop with many servers, the task gets bigger and bigger. It can become impossible, because it’s a never-ending task.
The audit layer in two steps
To implement the audit layer, you must first perform discovery: Which servers have shares, and what are the permissions to those shares?
This is a huge question. It’s bad enough if you have 20 servers, but what if you have 200, or 700, or 1500? No one in IT has the time to go through all those servers by hand to gather shares and permissions. Even if they did have time, if you convinced management to make that project a priority and got it done and everyone’s happy that you’ve locked down the environment…well, one part of it anyway. Even if you did, what about next week? Or the week after that, or after that?
“What about after that?” is the second aspect of implementing the audit layer. You must not only find and fix those permissions issues on the shares, but you also need to regularly review to ensure that nothing has reverted.
You may have convinced the brass to make it a priority once, nobody wants to make this one task a full-time job. There’s just too much else to do.
Automate the audit layer
This is where Minion Enterprise literally saves you. ME discovers of all your shares and their permissions, and it maintains a constant audit of permissions on all the servers in your shop.
Louder, for the back row: ME does discovery of shares and permissions, and maintains a constant audit.
You can easily set up an alert to let you know when permissions on important shares change. This gives you an unprecedented view into your environment, and increases your security exponentially.
The alerting mechanism is flexible, so you can alert on any security change to the shares. You can:
- Alert when accounts get an access change
- Alert when new accounts are added
- Just alert on specific shares and specific accounts
- Alert when specific permissions are granted (like giving Everyone read and write)
There’s nothing to install on any of the servers you’re managing, and the alerting is done from a central location. This makes it effortless to change every aspect of your alert scenario.
Protect your shop today
You can’t guarantee that some computer in your environment won’t be infected with ransomware. But you can implement layered security. If ransomware does make it you’re your shop, ME will help greatly contain the spread.
And of course, that’s just one small part of the security features in Minion Enterprise.