Ransomware: Protect Yourself

A client asked me via Facebook yesterday if I’d heard of “ransomware.”

“Yep.  Nasty business,” I replied.

“Someone hit the Chamber [of Commerce].  Am I safe?”

My client’s concern is absolutely justified.  Ransomware is malware that disrupts a computer in a way that makes it unusable and demands that the user pay a “ransom” to restore the computer’s operation.  There are literally millions of variants of ransomware, and they can do anything from simply locking you out of your PC to encrypting every file they can find on your PC and even on your network.  Encrypting ransomware – the kind we’re most wary of – will encrypt everything it can find on local disks, including USB storage and mounted network drives.  Some have even reportedly sought out available shared folders on the network, even if they have never been accessed by the user.  The encryption employed by recent variants is scary – they use a 2048-bit encryption key which, in a few words, makes recovering the files computationally impossible without paying the ransom to obtain the key.

Distribution

Ransomware typically shows up via an e-mail attachment or a downloaded file.  There are known instances where ransomware was automatically downloaded and run using a combination of crafty advertising and browser exploits, resulting in the software being installed and run without the user ever knowing (until it was too late).  It is also distributed through USB flash drives and other portable media.

Reasoning

You might ask why people do this, and that’s a good question.  The answer is very simple: money.  The ransom demanded is typically $500 or more in any case, and one high-profile incident cost a hospital $17,000 to get their data back.  Typically there is also a deadline – you’ll only have a few days to pay the ransom or it will double.  It is estimated that ransomware has generated tens or even hundreds of millions of dollars for the attackers.  Most of those we’ve seen here demand that payment be made in Bitcoin, and anyone who isn’t familiar with the currency will learn that it takes a few days just to make the payment.

Consequences

For a regular PC user, a ransomware attack can cost them their files – the loss of memories captured in photographs and documents can be sad and unnerving.  Or they can pay the $500 or more in ransom to get those memories back.

But for a business or organization, the effect is exponentially larger.  Most companies today rely on the information in their computers – QuickBooks and other financial software for bookkeeping, e-mail for communication and customer service, documents and spreadsheets used in quoting or record keeping, and the list goes on….  Losing some or all of this information can be devastating to any business, but likely more so for a small business.  The ransom is only the first number to look at.  If one were to quantify the cost of employee downtime, potential loss of business opportunities, and the halt in productivity, the ransom is just a small part.  There is also the time needed to pay the ransom and the possibility of a decline in the business’s reputation caused by the downtime.

Protection

Since ransomware shows up from so many sources and in so many forms, there’s no end-all solution.  There are only precautions to take to mitigate the chances of infection, and they’re really no different from what we recommend to any business or individual:

  • Employ effective and reputable antivirus software.  There are so many PCs out in the wild without any security software – we see them every day.  If you keep a high-quality antivirus and security software package up-to-date, it will detect and stop over 95% of the malicious software out there.
  • Use best practices.  I’ve told many people before that there is nothing free on the Internet.  Most people get infected with some sort of malware when they’ve downloaded a “free” game or software utility from somewhere.  There are also many cases where the user went to download a common program (such as Google Chrome) but was led to an unauthorized site by a search engine and downloaded an infected installation without realizing it.  The key is to know what you are downloading and that you are getting it from the right place.  Also, try to stay away from video streaming sites and general time-wasters – many of those sites host advertisements that can lead to mayhem.
  • Back up your data.  This is a no-brainer, but I have found that many businesses either don’t want to spend the money or don’t want to take the time to back up the information that their entire company depends on every day.  When one looks at the disaster caused by ransomware, they might eventually say (though they may not admit) that they would have been better off paying someone to make sure their business is protected.  If there are proper backups, business operations can be restored within hours in most cases and without paying any ransom.
  • Restrict the use of unauthorized software.  Most small businesses have to resort to policies alone to prevent users from downloading and running questionable software, but in some environments, directory services can deploy group policies to help with this.
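
An added example for the backup advice above (it is not part of the original post): because encrypting ransomware reaches USB storage and mounted network drives, the backup copy itself can be hit, so this Python code records a hash manifest when a backup finishes and later reports which backed-up files are missing, changed, or changed into random-looking data. The function names, the 7.5 bits-per-byte threshold and the sample files are assumptions made for this example.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def sha256_of(path):
    """Hash in chunks so large backup files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def build_manifest(root):
    """Map relative path -> SHA-256; run right after a backup completes."""
    return {str(p.relative_to(root)): sha256_of(p) for p in Path(root).rglob("*") if p.is_file()}

def verify_backup(root, manifest, threshold=7.5):
    """Return (missing, changed, suspect) relative to the stored manifest."""
    missing, changed, suspect = [], [], []
    for rel, expected in sorted(manifest.items()):
        path = Path(root) / rel
        if not path.is_file():
            missing.append(rel)        # deleted, or renamed with a new extension
        elif sha256_of(path) != expected:
            changed.append(rel)
            with open(path, "rb") as fh:
                if entropy(fh.read(65536)) >= threshold:
                    suspect.append(rel)  # changed and now looks like random bytes
    return missing, changed, suspect

def demo():
    """Constructed sample: one file overwritten with random bytes, one renamed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("invoice.txt", "notes.txt", "quote.txt"):
            (root / name).write_text(f"sample line for {name}\n" * 200)
        manifest = build_manifest(root)
        (root / "invoice.txt").write_bytes(os.urandom(4096))  # stand-in for encrypted data
        (root / "notes.txt").rename(root / "notes.txt.locked")
        return verify_backup(root, manifest)
```

Keep the manifest somewhere the backed-up machines cannot write to, and treat `suspect` as a hint only: photos, ZIP archives and other compressed files are high-entropy even when healthy.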

So when my client asked if he was safe, I replied “I’d say you’re safe, but there’s never a guarantee.”  As the person in charge of operating and maintaining several networks, I hesitate to guarantee anything – simply because I don’t actually own the networks and therefore do not have full control over them and their users.  If your business doesn’t have a dedicated technical support person, your best bet is to hire a professional firm to monitor and maintain your computers and network.

We highly recommend ourselves.  Get with us – we are always available.
