Ransomware has been making headlines lately, having hit high-profile organizations such as Hollywood Presbyterian Medical Center, the University of Calgary, and the San Francisco Metropolitan Transit Agency. This leaves many business owners asking, “What is ransomware, anyway, and is my business at risk?”
What is Ransomware?
Ransomware is a type of malicious software that prevents you from accessing your files by encrypting them and making them unreadable. Once all of your files are encrypted, a ransom note is displayed, demanding a payment (usually in Bitcoin) to unlock them.
Ransomware typically arrives via email, though infected web ads are becoming more prevalent. Malicious emails will usually contain an attachment that is disguised to look innocent (think resume.pdf.exe, invoice.docx.zip, or earningsreport.xlsx.js). Once this attachment is opened, the program runs silently in the background, encrypting every document and picture it can find on the local computer before moving on to every network drive the user has access to. Some variants will open a ransom note once the encryption is complete, and some just leave a note for the user or IT personnel to find.
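The disguised attachment names above all pair a harmless-looking document extension with a second, final extension that actually determines how the file is handled. The following is an added example, not part of the original post, of how a mail filter could flag that pattern; the extension lists, function names and block/quarantine policy are assumptions chosen for illustration.

```python
import os

# Assumed lists for illustration; tune them to your own mail gateway policy.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
              ".txt", ".jpg", ".png"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".wsf", ".hta", ".ps1", ".lnk"}
ARCHIVE_EXTS = {".zip", ".rar", ".7z", ".iso"}


def split_extensions(filename):
    """Return the lowercase extensions of a file name, outermost last."""
    name = os.path.basename(filename.replace("\\", "/"))
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = name.strip().rstrip(". ").lower()
    # Skip the base name and any empty pieces such as the gap in "a..exe".
    return ["." + p.strip() for p in name.split(".")[1:] if p.strip()]


def classify_attachment(filename):
    """Return (verdict, reason); verdict is 'block', 'quarantine' or 'allow'."""
    exts = split_extensions(filename)
    if not exts:
        return ("allow", "no extension")
    last = exts[-1]
    has_decoy = any(e in DECOY_EXTS for e in exts[:-1])
    if last in EXECUTABLE_EXTS:
        if has_decoy:
            return ("block", f"{last} file hidden behind a document extension")
        return ("block", f"executable or script attachment ({last})")
    if last in ARCHIVE_EXTS and has_decoy:
        return ("quarantine", f"{last} archive named like a document")
    return ("allow", "no disguise pattern matched")


if __name__ == "__main__":
    # Constructed sample names: the three from the text plus benign controls.
    samples = ["resume.pdf.exe", "invoice.docx.zip", "earningsreport.xlsx.js",
               "Quarterly.Report.v2.PDF", "photos.zip", "RESUME.PDF.EXE. "]
    for name in samples:
        verdict, reason = classify_attachment(name)
        print(f"{name!r:32} {verdict:10} {reason}")
```

A name check like this only catches the disguise; it does not inspect file contents, so it complements rather than replaces attachment scanning.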
Am I a Target?
Yes. While the examples above were large, high-profile organizations, everyone from large enterprises to small businesses to home users is a target for ransomware. Ransomware is a multimillion-dollar industry, and attackers do not care who their target is, as long as they can make money from it.
What Should I Do If I Get Infected?
If you believe that you have ransomware, contact your IT professional or service provider immediately. Even if you are not 100% certain that it is ransomware, it is better to investigate a false positive than to let it continue to encrypt your network.
Your IT support will determine which computer is the source of the infection and remove it from the network. Once “Patient Zero” has been contained, they can move on to assessing the damage and working on recovery. While ransomware will promise to restore your data if the ransom is paid, Reliability does not recommend paying the ransom, for three primary reasons:
- By paying the ransom, you are financing criminals and making their practices profitable for them. By taking away the profit motive for this act, you help discourage it from occurring in the future.
- You identify yourself as a target that will pay up, increasing the odds that you will be targeted again in the future.
- Most importantly: there is no guarantee that paying the ransom will give you back your data. There have been cases of ransomware, such as Power Worm, that were poorly coded and deleted the encryption key, making it impossible to decrypt your data even if you paid the money.
How Do I Protect Myself and My Business?
The most important element in protecting your data is having good backups. Backups matter even beyond ransomware, but proper backups are what will save you from paying the ransom. The University of Calgary and San Francisco Transit incidents, listed above, provide good examples. Both organizations faced a five-digit ransom, and both organizations suffered downtime, but San Francisco Transit avoided the ransom by recovering from backups, whereas the University of Calgary paid over $20,000 to ensure their data was recovered.
In addition to allowing you to avoid paying a ransom, many backup solutions allow an organization to power up a virtual copy of a server, so you can access any network shared files while the actual file server is restored, minimizing the downtime experienced. Reliability Technology Solutions can advise you of the state of your current backups and make recommendations where necessary.
Another major pillar is training users on how to avoid these infections. Most ransomware attacks are caused by fraudulent emails intended to trick a user into opening the virus. By helping users understand what types of emails to be on the lookout for, and how to spot a scam or fake email, these attacks can largely be avoided. We will be making another blog post soon, going over how to spot these kinds of emails.
On top of backups and user education, there are policies and server-based tools that can be employed to prevent and detect ransomware infections. Give Reliability a call, and we can sit down with you and develop a customized plan to protect your business from ransomware.