As you may have seen by now, Cryptolocker has infected around 250,000 PCs so far and is still going strong. If you aren’t familiar with Cryptolocker, it’s a business owner’s worst nightmare. Once installed, Cryptolocker will encrypt files on the machine it is installed on as well as all network drives that machine is connected to. It then holds the files hostage while a timer tick downs until you pay a ransom. If the timer runs out and you have not paid the ransom, the program uninstalls itself leaving your files encrypted with no way to decrypt them.
For business owners, ransomware like Cryptolocker can destroy years worth of data. Just look what it did to a New Hampshire town authority. If this happens to your clients, they could loose thousands of dollars worth of data, or even worse, be forced to shut down completely.
If you are an IT consultant, it is your job to help your clients prevent this from happening. You are your clients’ trusted advisor and it’s up to you to make recommendations and provide solutions to your clients that can prevent data loss.
In the case of Cryptolocker and other ransomware variants that are sure to come, there are several things you can do to prevent a catastrophe. And the best part is, not only do you protect your clients from thousands of dollars worth of data loss, but you get to make money helping them out.
When attempting to protect your client’s data from ransomware like Cryptolocker, you really need to have a good multi-level strategy since any single solution you implement may fail to prevent infection or data loss. A good multi-level strategy can be made up of solutions like system monitoring and patch management, managed antivirus, managed offsite backup, UTM firewall, email protection, antimalware software, group policy restrictions and more. Let’s dive into each of these.
System Monitoring and Patch Management
The first step to protecting your clients from an infection is to make sure the machine is always up to date with the latest Windows and software patches. The best way to do this is by using a good Remote Monitoring and Management (RMM) tool.
RMM tools can also be set up to alert you whenever they detect a problem with the system so you can act quickly to prevent downtime and data loss. You can bill the client monthly for this type of service which will generate recurring revenue for you and your business. In return, they have the peace of mind knowing that you are taking care of their systems and watching for problems.
If you are just starting out, I personally recommend using MAXfocus Remote Management for your RMM tool. MAXfocus has a low minimum purchase and you only pay around $1 / per workstation / per month while other RMM tools make you pre-purchase a set number of licenses before you can use their product.
The next step is to make sure your clients have some type of managed antivirus software installed on their systems. With a good managed antivirus solution, you can monitor your clients’ antivirus software across their network to make sure they are always staying up to date and can be alerted if a machine becomes infected. You can charge your clients monthly for this service and they will have the peace of mind knowing that they will always have up to date antivirus protection and that you will be alerted as soon as there is an infection.
MAXfocus also offers a managed antivirus solution called MAXfocus Managed Antivirus which costs about $1 / per workstation / per month.
Managed Offsite Backup
Since no solution is guaranteed to stop an infection, your clients also need some type of managed offsite backup solution so, if all else fails, you can restore their data. A good managed backup system can be configured to alert you when backups fail or are successful. You can charge your clients monthly based upon how much offsite storage they need. They also receive the benefit of you monitoring their backups for them.
MAXfocus also has a managed backup solution that integrates with their RMM tool called MAXfocus Backup. You should also check out eFolder which is another brandable offsite backup product that you can resell to your clients.
Having a good unified threat management UTM firewall solution is key to keeping malware from ever making it onto the network in the first place. I personally like both Untangle and Sonicwall which both have great products for small to midsize businesses. These UTM devices do everything from content filtering to scanning all incoming traffic for malware. Untangle also offers a free version of their software which can be installed on your own hardware.
There are also DNS services out there for managed services providers like Umbrella by OpenDNS. This type of service can stop malware before it even hits your client’s firewall. You can bill monthly for all of these services as well.
Since a lot of malware including Cryptolocker is infecting machines via attachments, having good email protection can also help to prevent an infection. A good email protection solution will scan email for spam and malware before it even makes it onto your email server.
MAXfocus also offers an email protection solution called MAXfocus Mail which is a fully scalable hosted email protection solution built specifically for MSPs. You can charge your clients monthly for the amount of email users that are using this service.
Managed antivirus is great and is necessary but may not always catch all of the latest malware out there. For extra protection, it may be necessary to install malware blocking software like Malwarebytes Anti-Malware. Malwarebytes has a reseller program so you can resell it to your clients with a small markup.
For Cryptolocker and ransomware specifically, there are a few additional things you can do to help prevent an infection. One is to install HitmanPro’s CryptoGuard. CryptoGuard is a free and runs silently in the background keeping watch for Cryptolocker activity on the machine. If CryptoGuard detects a Cryptolocker install, it will stop it from encrypting your files.
Foolish IT has also created a free utility called CryptoPrevent which locks down the group policy settings on the system to prevent a Cryptolocker infection. You can either charge your client hourly, by the project, or bundle this with your other solutions.
When presenting these solutions to a client, I recommend that you bundle them all together into one managed services package. Don’t talk about the features of each solution. Your clients probably don’t care about the features. Instead, talk about the benefits.
Finally, what can each of these solutions achieve when they are all bundled together? The answer is complete data security and peace of mind for your clients. And that’s how you should present this to your clients.