The State Police periodically receives complaints from both physical and legal persons about various ransomware attacks, in which malware gains access to and encrypts a user's computer system or data, blocking access by the user, sometimes until a ransom is paid. In the case of the educational institution, information from servers, hard drives and computers was encrypted.
Over the past year, Dharma-family ransomware has been the most common virus, most frequently getting in through Microsoft RDP (MS Remote Desktop Protocol remote access) that is exposed to the public internet and protected by a weak password. The State Police and Information Technology Security Incident Response Institution Cert.lv are reminding internet users to be careful and conduct regular security checks:
- Create backup files, store them separately and check on them regularly
- Check permissions for shared folders
- Improve security for public remote access and administrative tools, preferably by connecting only through a corporate VPN or by protecting servers using smartcards and IPSEC (Network Level Authentication)
- Download an antivirus program and keep it updated, as new viruses appear every day
- Don't open emails from unknown senders or unknown attachments; instead, use an alternative communication channel to establish legitimacy, keeping in mind that viruses can also send themselves from the infected accounts of known senders
- Delete your cookies and avoid saving or synchronizing passwords when using public computers, or even avoid using your private accounts when possible
- Use a firewall that warns you about and blocks suspicious activities
As important as precautionary measures are, there also needs to be a plan of action if an incident does occur. The State Police and Cert.lv advise never giving ransom money to bad actors, as it promotes the creation of new viruses and doesn't guarantee file access. Instead, they suggest informing the State Police or Cert.lv, who will advise you on further action.