What is Ransomware and How Do I Protect Against It?
What to know to keep your data from being lost.
Ransomware is proving to be one of the viruses that almost every business gets hit by at least once, with sightings increasing by 195% in the first quarter of 2019.
These nasty bugs are definitely more dangerous for businesses moving all their big data to the digital arena and, unfortunately, very profitable for hackers, with Cryptolocker grossing up to 30 million in ransom. Yes, you read that right: a small group thought to be based out of Russia has raked in an estimated 30 million (with an M). I've seen ransom demands in the thousands, most of them demanding Bitcoin as payment (to read more on why, see this article).
Before we go any further, let's start with the basics: What is Ransomware?
It used to be a rather simple thing: locking up your computer with a big supposed "FBI" notice saying you've been visiting illicit websites and telling you to pay up or go to jail. When this was the strain, it was pretty simple to clean up and go on your way. A simple stop at any old computer shop would typically eliminate your problem. Now, however, it launches itself in memory and acts like any other user; it is, after all, just touching many documents at rapid speeds.
What is it doing with these documents? It's encrypting them; you know, turning what used to be "My Important Information" to "TXkgSW1wb3J0YW50IEluZm9ybWF0aW9u" (or gibberish to most). If you have ever tried to view a picture or video that has gone from readable data to random gibberish it's almost funny, if it isn't extremely important to you.
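The sample string above is Base64, which anyone can reverse without a key, while files hit by ransomware look like random bytes; that difference, combined with the "many documents at rapid speeds" behaviour, is something monitoring can key on. The following is an added example, not from the original article, that flags an account rewriting many files with near-random content in a short window; the event tuples, thresholds, account names and paths are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: about 4-5 for English text, at most 6 for Base64, near 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_encryption_bursts(events, window=10.0, min_files=5, min_entropy=7.5):
    """events: (timestamp_s, user, path, content) tuples sorted by time.
    Flags users who rewrite min_files distinct files with high-entropy
    content inside any `window`-second span; returns {user: [paths]}."""
    recent, flagged = {}, {}
    for ts, user, path, content in events:
        if shannon_entropy(content) < min_entropy:
            continue  # ordinary document save
        hits = [(t, p) for t, p in recent.get(user, []) if ts - t <= window]
        hits.append((ts, path))
        recent[user] = hits
        paths = {p for _, p in hits}
        if len(paths) >= min_files:
            flagged.setdefault(user, set()).update(paths)
    return {user: sorted(paths) for user, paths in flagged.items()}

def random_looking(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted file content (hash output, not a cipher)."""
    blocks = (hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(size // 32))
    return b"".join(blocks)

# Constructed sample events: alice saves documents normally, while the
# "frontdesk" account rewrites six files in three seconds.
TEXT = b"Quarterly totals and customer notes for the front office. " * 70
SAMPLE_EVENTS = [
    (0.0, "alice", "/share/notes.txt", TEXT),
    (1.0, "alice", "/share/photos.zip", random_looking("zip")),  # compressed: high entropy too
] + [
    (2.0 + i * 0.5, "frontdesk", f"/share/doc{i}.xlsx", random_looking(f"doc{i}"))
    for i in range(6)
] + [(40.0, "alice", "/share/report.txt", TEXT)]

if __name__ == "__main__":
    print(find_encryption_bursts(SAMPLE_EVENTS))
```

Compressed formats such as ZIP or JPEG also score near 8 bits per byte, which is why the check requires a burst of distinct files rather than a single high-entropy write.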
Truth be told, the decryption process could be rather simple, IF you had the key. Who has the key? You guessed it, the people who made the ransomware: 9 times out of 10 a person or company based in Russia, but more on why that is will come in another article.
Now that you know what it is, the most common question to follow is: "Why would anyone pay the ransom?" Unfortunately, a lot of companies come ill-prepared when it comes to this type of threat. A lot of backup strategies either don't exist or date back to an era when backups were really just needed for hardware failure (the computer caught fire!). Picture your company frozen, losing hundreds or thousands of dollars for every minute, hour, or heaven forbid day you're not operating. That spreadsheet that ran everything can't be accessed in any meaningful way, and your IT guy is telling you there is no way to recover. Either start over from scratch or pay the ransom... what would you do? A few thousand dollars can sound like a very appealing price when the alternative is going back years to when you first started building your business from the ground up.
So how do we protect against it?
- A solid backup strategy is a huge start. In most cases backups are reactive rather than proactive but even the most proactive business has to fall back on this sooner or later with ransomware being the way it is today.
More recent strains have been undetectable by even some of the better antivirus solutions, and even some older strains are difficult for antivirus to detect because their behavior closely mirrors normal human interaction. A solid backup strategy is going to depend largely on your business, your budget and what acceptable loss might look like to you. Most strategies have at least a daily, weekly and monthly backup, allowing you to go back to yesterday. The next big item is to make sure backups are transferred offsite, as ransomware has been known to also encrypt backups. For more details on what a good strategy looks like for your business, feel free to reach out to us.
- Make certain you have good, up-to-date antivirus. This one is pretty standard: most antivirus products claim they'll combat ransomware, but many strains slip through. Even an antivirus that catches it is likely to do so only after the ransomware has already encrypted a few files.
- Train your employees or users on some of the basics: double check email attachments, double check links in emails, and be cautious of the websites you go to. That said, I've personally seen a scenario where a local restaurant's website was compromised, so when employees were going to see the menu to make plans for lunch, the virus was downloading and launching; unfortunately this just goes to show you that even the most proactive strategy can fail from time to time.
I personally allow all my clients to forward me any emails they feel are questionable; I would personally rather help teach people what to look out for than allow for a scenario where a mistaken click causes serious issues.
- Lock down files people don't need access to. I have yet to see a strain of ransomware that encrypted a file it didn't have access to. If the intern at the front desk doesn't need access to "Important Financial Data Spreadsheet" make sure that you or your technician are locking down this file.
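One way to audit the last point, as an added example that is not from the original article: list every file an account can overwrite on a POSIX file share and subtract what the role actually needs. It checks file mode bits only (no ACLs), and the share path, uid/gid values and file names are hypothetical.

```python
import os
import stat

def collect(root):
    """Walk `root` and return (path, mode, uid, gid) for every regular file."""
    records = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode):
                records.append((path, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid))
    return records

def can_write(mode, owner_uid, owner_gid, uid, gids):
    """POSIX mode-bit check: the first matching class (owner, group, other) decides."""
    if uid == 0:
        return True  # root bypasses mode bits
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def excess_write_access(records, uid, gids, needed):
    """Paths the account can overwrite but its role does not need (`needed` is a set of paths)."""
    return sorted(path for path, mode, o_uid, o_gid in records
                  if can_write(mode, o_uid, o_gid, uid, gids) and path not in needed)

if __name__ == "__main__":
    # Hypothetical values: share root, the front-desk account's uid and gids,
    # and the one file that role needs to edit.
    share = "/srv/share"
    for path in excess_write_access(collect(share), uid=1001, gids={1001, 2000},
                                    needed={"/srv/share/frontdesk/schedule.xlsx"}):
        print("lock down:", path)
```

Write permission on a folder also allows the files in it to be deleted or replaced, so review directory permissions along with the files this reports.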
There are more ways that you can help protect against this modern threat but the above items are the major ways.
Now that you know what ransomware is and how to help protect against it, it is important to make sure your IT Security is up to par; don't find yourself caught in a situation where you're paying the ransom. The less ransom that gets paid, the less likely we are to see more of this in the wild.
Thanks for reading!