These two checkboxes could save you thousands of dollars and hours of your life.
If you have been living under a rock for the past few years, you’ve never heard of Cryptolocker, Cryptowall, Crypto-whatever. Ransomware: the scourge of IT and businesses everywhere. Long story short, a client computer gets infected, the malware seeks out document directories and network drives, and a short time later, users can no longer access their critical files. On their desktop sits a ransom note demanding PayPal transfers, bitcoins or other forms of payment.
What’s happened? Well, your files have been encrypted, and the attacker has the only key. If you’ve reached this point, it’s too late. You’re infected. The only way to recover from this is to restore from a backup. Unfortunately, way too many companies fail at backing up their critical data.
Even if you have backups, it can take hours to restore. During the restore process, your end users and employees cannot do their jobs and your business is losing money.
As world-renowned IT professional Benjamin Franklin put it, “An ounce of prevention is worth a pound of cure.”
As ransomware has become a part of life for IT, preventative measures have begun to surface.
Trend Micro has joined this club. While updating a client’s AV (Trend Micro Worry-Free Business Security Services) and reviewing the Behavior Monitoring settings, I found the following checkboxes (unchecked):
In the Trend Micro console, under Devices > Configure Policy > PolicyName > Behavior Monitoring, you will see these checkboxes. In my case they were unchecked. I checked the boxes and saved the policy. A few days later, I got a call from my client after he got an alert from their AV system. I checked the console and found:
Someone had stumbled across some ransomware, but Trend Micro stopped the spread in its tracks. The file in question here was not encrypted, nor were any other files. Directly after checking the file, we scanned all machines and received no further alerts.
If you have Trend Micro, we highly recommend enabling this simple feature.