Ransomware: Take Action to Protect Against It

By Chris Edwards
Manager, IT Services

Ransomware has been around for a number of years, but it has become an increasingly large problem, both at home and in the business world. It is a type of malware that installs covertly on a victim’s computer, and then literally takes it hostage: blocking access or functionality until a ransom payment is made to restore it.

McAfee Labs researchers identified 4 million samples of ransomware in the second quarter of 2015 alone, and expect those instances to grow in 2016, according to Security Magazine. One “Trojan” piece of ransomware, CryptoWall, accrued more than $18 million before being taken down by authorities.

The Atlantic even reported on a string of ransomware attacks against police departments in Massachusetts, Tennessee and New Hampshire! They had to pay ransoms between $500 and $750 to have their systems restored. Clearly, ransomware hackers are not lacking in boldness.

Here are the things you need to know, as well as preventative steps you can take, to head off the ransomware threat.

Ransomware comes in two forms. The first is a screen which seems to lock you out of your computer. Most IT and security staff can help you clear this up with some time and effort.

The second form encrypts your files, both on your local computer and your network, and demands a fee for the key to decrypt them. While at times the virus has had errors allowing security professionals to defeat it, that is no longer the case.

In the past, it was advisable to not cooperate; as much as 75% of paying parties never received any further communication or their decryption key. Unfortunately, the FBI now advises that victims pay the ransom.

Most ransomware is transmitted via links or files in email, usually made to look legitimate. It can also be transmitted via pop-ups in a web browser. The key is to get the victim to click on the link, causing the virus to be downloaded where it will install itself.

Once installed, it will immediately begin to encrypt every data file it can access, and does so extremely quickly. It will leave behind numerous files with instructions on how to pay the ransom. While the FBI now advises most victims to pay, there is never any guarantee that payment will result in decryption, and there is no recovering the time lost while systems are restored.

The best defense is to never become infected. Teach your staff and remind them regularly to avoid clicking on links that appear suspicious. If the email isn’t expected or looks like something that person wouldn’t send them, chances are it is illegitimate.

Use a virus scanner to scan email attachments. Most cloud-based spam filtering services will now also scan your email for these links and virus attachments, but their success rate isn’t 100 percent. And just one failure can lock every document and data file you have.

Have your staff use pop-up and ad-blocker software in their web browsers as these viruses have been transmitted this way from popular sites like Yahoo and Forbes. Limit the access your staff has to key files; their computers do the encrypting at the behest of the ransomware, and if people can’t edit the files they can’t inadvertently encrypt them.

Finally, make sure you have a regular backup of all the documents necessary to run your business, and have it tested frequently as well. Keep a copy of these backups off-site, either through a cloud service via the internet or by taking the files physically off-site, such as on a tape backup.

Doing so keeps the backups from being potentially damaged or infected, and also protects you in case of damage from fire or other natural disaster affecting your data’s physical storage devices.

With a regular backup, you can restore the files that were encrypted, avoid paying the ransom, and at worst lose the amount of work between when the backup occurred and the encryption was discovered.

If you need to consult with an expert about protecting your company’s data, please call Chris Edwards at (317) 613-7855 or email [email protected].