Everything you wanted to know but were afraid to ask!
What is ransomware?
Ransomware is an attack in which control of your data is in the hands of others.
In the past, this simply meant that all of your data was encrypted and a new file appeared that you could open, containing instructions for paying the bad guys a certain amount of money in some type of cryptocurrency. As time passed, the amount you had to pay went up.
A new trend in ransomware is that your files are left intact, but the bad guys copy all of your data and threaten to release it to the public if you don't pay.
This new trend is beneficial for the bad guys since they don't have to deal with "customer service issues" related to helping you recover your data.
How does it happen?
The most common method is sending emails with bad links in them. A PayPal or UPS logo is used along with an urgent-sounding message. The user is tricked into clicking on the link and, within seconds, the malware is downloaded and goes to work, either uploading all files on the network or disabling backups and encrypting files across the network.
How to protect yourself
A layered approach works best to prevent ransomware from taking hold and destroying your company:
- Install antivirus/endpoint protection on every workstation and server.
- Update the firmware on all routers, printers, etc.
- Have backups and TEST THEM! Keep the backups offline and encrypted since the first phase of ransomware is to disable backups.
- If using Active Directory, consider a group policy that blocks certain file types from running in temp folders (where downloaded internet files land).
Ask yourself (or a member of your IT department): is the data on our system backed up? Then demonstrate the recovery process. Do this for every device that houses your data: domain controllers, database servers, file servers, everything.
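One way to implement the temp-folder restriction from the list above is an AppLocker policy pushed through Group Policy. The following is an added example, not Interon's own configuration; the GPO LDAP path and the assumption that AppLocker (not legacy Software Restriction Policies) is in use are placeholders for your environment.

```powershell
# Added example: deny execution from per-user temp/download folders with AppLocker.
# Requires the Application Identity service to be running on the target machines.
# Start with EnforcementMode="AuditOnly" and review the AppLocker event log
# (Applications and Services Logs > Microsoft > Windows > AppLocker) before
# switching to "Enabled", so legitimate installers are not silently blocked.
$policyXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <!-- Allow rules so the OS and installed programs keep working -->
    <FilePathRule Id="11111111-1111-1111-1111-111111111111" Name="Allow Windows"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="22222222-2222-2222-2222-222222222222" Name="Allow Program Files"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <!-- Deny rules for the folders where emailed/downloaded payloads land -->
    <FilePathRule Id="33333333-3333-3333-3333-333333333333" Name="Deny user Temp"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*\AppData\Local\Temp\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="44444444-4444-4444-4444-444444444444" Name="Deny user Downloads"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*\Downloads\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
'@

$policyPath = Join-Path $env:TEMP 'block-temp-exec.xml'
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Check the rules against a sample path before deploying (constructed test file;
# S-1-5-32-545 is the built-in Users group).
$sample = Join-Path $env:LOCALAPPDATA 'Temp\invoice.exe'
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $sample -User 'S-1-5-32-545'

# Apply to a GPO; the LDAP path is a placeholder for your domain's GPO.
# Set-AppLockerPolicy -XmlPolicy $policyPath -Merge `
#   -Ldap 'LDAP://DC=example,DC=local/CN={GPO-GUID},CN=Policies,CN=System,DC=example,DC=local'
```

Test-AppLockerPolicy reports the matching rule and decision for the sample path, which is the quickest way to confirm the deny rule actually covers the folder before enforcement is turned on.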
How to respond
First and foremost, never pay the ransom. We will discuss why in a moment.
Follow these general steps to help in an emergency:
- Identify your cyber incident response team
- Determine that the incident is real.
- Identify the source of the ransomware (which user/workstation was infected) and get the source disconnected from your network.
- Identify contacts, phone numbers, and email addresses for service providers (using Backblaze for offsite backups is a great idea).
- Grab your system maps, and network configuration documents. You will need to know quickly which systems are affected and which are still online.
- Contact your public relations team to create a press release, if appropriate.
- Determine the scope of the data loss and begin recovery.
- When the data is recovered and all systems are functional, spend the time to analyze the lessons learned.
- Don’t forget to report the ransomware incident to the FBI.
Never EVER pay!
The price of ransomware demands continues to rise. Many demands are now over $1 million (USD).
Once a ransom is paid, it can take weeks to get a tool to recover data. Remember, these are criminals and they have no obligation to give you anything after you pay them. Their only motive to help is that it must not become public knowledge that paying a ransom is a waste of money, because that would affect their future "income".
The true cost of ransomware goes far beyond the price paid. Consider:
- The lost trust of partners and customers.
- Employee salary while sitting idle.
- Lost customers.
- Labor cost associated with recovering from the incident.
As you can see, the costs add up. It is much cheaper to take steps to protect your data before a breach happens.
We hope this article has been informative for you. Interon has now set up many “open source offices” and the economic and security benefits for our clients have been immense. If you would like to learn more or hire us to implement any or all of the technologies discussed feel free to call us or use our CONTACT US page to request more information!