29. August 2016
Increased security against ransomware through DMS
So-called ransomware continues to spread at a rapid rate. Computers are infected by emails, USB sticks and websites, existing files are encrypted and can only be decrypted by paying a ransom. The perpetrators act in a very skilful way. Business is good. Even town councils are affected and are prepared to pay up in order to get things back to normal. Even the Office for the Protection of the Constitution in Saxony-Anhalt is not safe from ransomware. With only around 10% of cases reported, the effects on the German economy are difficult to quantify because organisations fear damaging their image and reputation. Companies (and of course anyone who is affected) fall into a vicious cycle which needs to be broken. Instead of paying the ransom money and financing the development of such malware and the associated business model themselves, companies ultimately have to take steps to introduce effective preventive measures.
Malware takes advantage of failures in the IT infrastructure without mercy
Negligence in the IT infrastructure is exploited by ransomware with many people now beginning to realise that having outdated systems or software may mean the end of the road for their company. At the latest when the malware encrypts the first network drives and the entire company data is no longer available – this is when a company can be brought to its knees permanently. And there is no guarantee that the files will actually be restored when the ransom is paid. Importing a backup is not always the solution and can take several days. Especially since it makes no sense to import a backup into an infected IT infrastructure. Unless the backup itself has also been encrypted.
Preventive measures in the IT infrastructure and raising awareness among employees
Do not spare any money or time when it comes to your IT infrastructure and its maintenance. Make sure that you have the latest software and implement updates and patches as soon as they are available. You should focus on programs that can open and execute contents from the Internet or a network in particular.
In addition, extensive awareness among employees must be raised and this must be repeated on a regular basis. Not just to minimise the risk, but to be able to recognise signs of infection by malware more quickly and react in time. The perpetrators nowadays are extremely cunning. If you recognise pretty quickly from those common SPAM mails that the supposed diplomat from another continent has absolutely no intention of giving away 30,000,000 US dollars, then propagators of ransomware will have to work a whole lot harder to find their victims. Company emails are professionally forged and are pretty much as good as the original. Professional social engineering is no longer a rarity and supposedly trusted senders can no longer be relied upon.
Minimise risks with a Document Management system
When it comes to minimising risks, you should never rely on individual factors; instead a complete catalogue of measures has to be the focus. Implementing a company-wide Document Management solution can play an important part here. Accessing files and documents for ransomware is made much more difficult because it is not easy for the malware to jump from the client to the DMS server.
In the case of AMAGNO, even though all documents from a personal desktop, i.e. saved locally on the client and in processing, can be encrypted when a client is infected, the original file is still available on the AMAGNO server. The most recent changes that were made since the file was checked in may be lost but the original file is still available.
The difference is the rights concept between the traditional network drive and an AMAGNO server. In a network drive, the potential ransomware gets the same user rights to the files on the client and the network drive. In the worst-case scenario, the ransomware can encrypt all available files, which the employee can access, company-wide. This is where access to the files via the AMAGNO client differs because the user has only restricted access to the documents.
The threat currently posed by ransomware is still very high. Companies should raise and maintain awareness among employees, spare no expense in their IT infrastructures and react very quickly in the event of infection. A Document Management system can help protect files and documents in a company.