Forbid users (admins and owners included) from doing any private browsing or checking personal email in the workplace. It’s a good idea to notify users traffic can be tracked from the firewall.
Do not click on ANY email links! Contact the sender and verify the message sent was intended. DropBox and file download links are the most common way to download a compromise.
Do not open any attachments (Word and Acrobat especially) unless you are expecting them. Ransomware viruses spread using compromised macros.
Make sure users notify the primary contact of any unusual workstation behavior regardless of what they are doing, it can make huge difference in ransomware outcomes.
If a user sees a black screen that looks like DOS, basic Windows, or a splash screen indicating infection shutdown the machine immediately. Unplug or power off at the button. This will reduce the spread of a ransomware compromise and stop the encryption process of some files. Ransomware compromises navigate the network and infect anything they can see; shutting down the root can be the difference between containment or a complete outage.
DO NOT PAY THE RANSOM UNLESS OTHERWISE INSTRUCTED. The infrastructure used to retrieve decryption keys has been shut down by authorities; even if you make a payment you cannot correspond with the responsible party to retrieve data. All preventive measures are in place at your location, please ask employees to be remain diligent. Most infections are due to users opening an attachment or clicking a link. All restore methods include days of downtime even if data can be retrieved or restored. Please remain cautious until the threat is contained globally.
PHONE SCAM: Do not respond to voicemail messages instructing you to call due to security issues with your Internet connection.
Get more from your network with our Managed IT Services