Petya Ransomware Event

Bulletin – Wednesday, June 28, 2017

On June 27, 2017, it was reported that Petya, a new type of ransomware, had started spreading across Europe and had also impacted organizations in the U.S. While the origins are still being debated, it is feared that Petya may start with a phishing email that uses a code execution vulnerability in Microsoft Office and WordPad (CVE-2017-0199) and then takes advantage of EternalBlue (CVE-2017-0145), the same vulnerability exploited by WannaCry.

What do you need to do to protect yourself? The best way to deal with ransomware is by not getting infected with it at all. At this point, you should alert all of your users to the situation and make sure they know not to click on Microsoft Word documents that are suspicious.

If you are behind on patches for your Windows machines, you should look to implement them as soon as you can without interrupting your business. If possible, isolate critical systems so that they are not allowed to browse the Web and users are unable to check personal email on them; this will help to minimize the chance of ever being infected.

There are other technical security controls that can help, but in many cases solutions like Anti-Virus (AV) are not going to catch everything. Ask your IT department about implementing Hardening Standards to minimize the chance that ransomware could even be installed or downloaded. Examples include removing administrative access to users' computers and implementing software restriction policies to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers and compression/decompression programs).
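Before enforcing software restriction policies of the kind described above, IT staff can replay recorded process-start events against the planned path rules to see what would be blocked. The following is an added example, not part of the original bulletin; the rule names, path patterns, extension list and sample events are all assumptions constructed for illustration.

```python
import fnmatch
import ntpath

# Assumed rule set (not from the bulletin): per-user locations that browsers
# and archive tools write to, as wildcard path rules. First match wins.
RULES = [
    ("7zip-extract", r"c:\users\*\appdata\local\temp\7z*\*"),
    ("winrar-extract", r"c:\users\*\appdata\local\temp\rar$*\*"),
    ("browser-cache", r"c:\users\*\appdata\local\microsoft\windows\inetcache\*"),
    ("browser-cache", r"c:\users\*\appdata\local\microsoft\windows\temporary internet files\*"),
    ("user-temp", r"c:\users\*\appdata\local\temp\*"),
]
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".hta"}


def matched_rule(image_path):
    """Return the name of the rule that would block this path, or None."""
    # Normalise separators, '..' segments and case before matching, so a
    # path written with '/' or with 'Temp\..\Temp' cannot sidestep a rule.
    path = ntpath.normpath(image_path).lower()
    if ntpath.splitext(path)[1] not in EXEC_EXTS:
        return None
    for name, pattern in RULES:
        if fnmatch.fnmatchcase(path, pattern):
            return name
    return None


def audit(events):
    """Return (user, path, rule) for every event a rule would have blocked."""
    checked = ((user, path, matched_rule(path)) for user, path in events)
    return [hit for hit in checked if hit[2]]


# Constructed sample process-start events (user, image path).
SAMPLE_EVENTS = [
    ("alice", r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"),
    ("alice", r"C:\Users\alice\AppData\Local\Temp\7zO4F2A\invoice.scr"),
    ("bob", r"C:\Users\bob\AppData\Local\Temp\Rar$EXa0.123\setup.exe"),
    ("bob", r"C:/Users/bob/AppData/Local/Temp/../Temp/update.exe"),
    ("carol", r"C:\Users\carol\AppData\Local\Microsoft\Windows\INetCache\IE\AB12\doc.js"),
    ("carol", r"C:\Users\carol\AppData\Local\Temp\report.docx"),
]

if __name__ == "__main__":
    for user, path, rule in audit(SAMPLE_EVENTS):
        print(f"{rule:15} {user:6} {path}")
```

Legitimate installers that unpack into the user temp folder match the same rules, so reviewing the audit output before enforcement shows which exceptions are needed.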

Most importantly, make sure that you have backups in place. If you are not in IT, ask to see evidence that backups are working as expected. The simplest way to deal with a ransomware attack is to just restore files with a recent backup. All too often, companies find that backups are not current or (potentially even worse) they are not working as expected when they are needed the most.

Finally, there are some additional recommendations and technical controls that can help:

  • Make sure employees are aware of ransomware and of their critical roles in protecting the organization's data.
  • Consistently patch operating systems, software, and firmware on digital devices.
  • Ensure unsupported and obsolete systems such as Windows XP are upgraded to newer and supported versions.
  • Ensure anti-virus and anti-malware solutions are set to automatically update and conduct regular scans.
  • Configure access controls, including file, directory, and network share permissions appropriately. If users only need read-access to specific information, they should not be provided write-access to those files or directories.
  • Disable macro scripts from Microsoft Office files transmitted over email.
  • Implement two-factor authentication (2FA) wherever possible, but especially for all remote access and online services.

Ransomware attacks can be extremely complicated and you need a partner to help you figure out the best approach to recover. Markel's dedicated claims team, in conjunction with our information security partners, stands ready to assist our insureds in the event of an unfortunate ransomware situation.

This article was written by Scott Culler, Senior Managing Director at Markel and has been reproduced with permission. 
