Latvian State Police periodically receive complaints from private and legal persons about various file-encrypting ransomware attacks. Viruses of this kind encrypt files and hard disks, denying owners the use of their computers and the information stored on them, police report.

At the end of 2019, State Police’s Main Criminal Police Department Economic Crimes Enforcement Office received information that one of Latvia’s educational institutions may have become a victim of a cyber-attack, which had impacted server and workstation operations. The attack had encrypted server and workstation files.

In the past two years, viruses of this kind have been known to target small and medium-sized companies that do not have sufficient information and resources to prevent cyber-attacks. Lately, attacks by Dharma-family encryption viruses have been particularly common in Latvia.

This type of virus usually spreads through Microsoft RDP (Remote Desktop Protocol) remote access that is reachable from the public internet and protected by a weak password.

Considering the periodic appearance of such viruses, State Police and Cert.lv urge residents to be careful and use standard security measures on a regular basis.

It is recommended to create backups of valuable files and store them on a separate system, as well as to check that the backup copies are actually usable.

It is also recommended to raise the security level of remote access and administration tools (RDP and SSH, for example) and to permit the use of RDP only through a secure corporate VPN. Microsoft also offers an intermediary service intended specifically for RDP protection: Remote Desktop Gateway.

If, however, for any technical reasons an RDP service is needed, a good practice is using smartcards to protect users’ accounts on top of passwords. It is also a good idea to regularly update the RDP service, to use IPsec and Network Level Authentication, and to make sure users authorized to access via RDP use long and complicated passwords.

State Police and Cert.lv also recommend using up-to-date antivirus software. An updated version of antivirus software can protect a computer from most viruses.

Many types of antivirus software are sold by subscription, but there are free ones as well.

It is also recommended not to open e-mails from unknown senders. Many viruses are contained in e-mail attachments.

For example, the Emotet virus infects the device and attempts to multiply by using the user’s list of e-mail addresses, sending each contact an e-mail containing a copy of itself. If the e-mail is sent to a person or organization the user has previously been in contact with, the probability of the attachment being opened increases.

Specialists also recommend deleting cookies regularly and not saving passwords when using public PCs. Another good practice is not accessing private or work e-mail from public PCs. If users do end up accessing private or work networks, it is recommended, at the very least, to log out of accounts after finishing work.

A firewall is also a highly important security measure. A firewall or other firewall-type software helps warn against suspicious activity, such as a virus attempting to access the PC. A firewall can also block a virus, Trojan or another user’s attempt to download potentially dangerous software.