To fully understand why Locky has secured its spot as one of the most prolific forms of malicious software, take a look at the effect it had on Methodist Hospital in Henderson, KY. It’s a cautionary tale about the severity and extent of ransomware downtime costs.
What makes Locky dangerous?
Like other types of ransomware, Locky is designed to encrypt important files for the purpose of holding them hostage. And it can also encrypt network shares and drives that your workstations may not normally have access to.
The IT team at Methodist Hospital experienced this first hand when the Locky ransomware “tried to spread from the initial infection to the entire internal network, and succeeded in compromising several other systems.” As a result, the hospital had to shut down all of their desktop computers, declare an internal state of emergency, and bring systems bringing systems back online one by one only after scanning each for signs of the infection.
Protecting your Network from Locky
When it comes to your network, you’ll need to take additional safeguards to help prevent attacks and minimize the impact from a Locky infection:
- Never use the administrator account on any of the computers in your environment. Instead, use guest accounts that have access only to the need to have and need to know information. This way, you can prevent escalation of privilege and other types of infiltration into your system.
- Do not keep the computers you use for business connected in a local network. Ransomware is capable of encrypting not only the data on the computer where the infection succeeded, but also on all of the other computers that are connected to it though a local network. By keeping the computers isolated, you have a better fighting chance against this threat.
- Invest in a Disaster Recovery as a Service solution. You’re probably like, I have a cloud backup solution in place, so I’m covered. Wrong. Keep in mind that with a cloud backup solution, you can restore individual files and folders, but they are not designed to restore entire networks. Modern DRaaS solutions backup files, folders, and VMs which enables CISO and IT administrators to quickly restore and failover applications in minutes.
So, if you’re interested in learning how to protect your business from ransomware downtime, get the “Un-locky for Business” eBook.