Among the most vulnerable systems, the obsolete Windows file server is the target of most ransomware attacks. Examples of such ransomware include Ryuk, Egregor, Ragnar Locker, Clop, Maze, WannaCry, Petya... According to ANSSI (2020), Ryuk is responsible for 75% of attacks on the health sector (PDF report on Ryuk).
In 2020-2021 many cities were affected, as well as hospitals, mid-sized companies and large groups such as Dassault Aviation US, Sopra-Steria, Wagons-Lits, CMA-CGM... SMEs are not spared either! Anyone may be the target of ransomware one day, so it is better to prepare for it.
In general, these attacks are launched when an email or an attachment is opened on a PC without up-to-date antivirus software. The entire file server is then locked and a ransom is demanded (sometimes several million) to recover the data. The consequences are sometimes catastrophic: several days, or even weeks, of service interruption. This risk increases tenfold if collaborative work relies on the "file server + messaging" pairing.
- Zero attachments sent (secure links are preferred) and verification of the source of incoming content.
- Secure document access: prohibit "generic" accounts, have access to workspaces managed by business managers (and no longer by the CIO), and avoid roles that give access to all data by default.
- Identity management via the organization's AD / LDAP (to avoid managing identities separately in each application).
- Antivirus always kept up to date, as well as applications!
- Audit trails to identify the sources of a flaw.
- Automatic "versioning" of files which, in the case of encryption of the latest version, allows previous versions to be recovered.
- Business management kept separate from system administration (accountability, easier GDPR compliance ...).
- Zero attachments: files shared via secure links (audited, time-limited).
- Authentication delegated to the internal directory (AD / LDAP) to comply with the organization's password management policy or SSO.
- Platform 100% dedicated to the customer, in sovereign SaaS or on-premise (and not a shared GAFAM cloud ...).
- Open Source: auditable code, durability and responsiveness.
- Service offering with security monitoring, including "Hotfix" fixes on Open Source components: this relieves the CIO of a very important job and avoids running vulnerable, obsolete components.
- Possible SecNumCloud hosting (Outscale partner).