Updated on November 29, 2020
While viruses, worms, and Trojans are classic examples of malicious computer software, in recent years, other forms of malware have become more prominent. At the forefront, especially for businesses, is the threat of ransomware.
Chances are that you've heard about ransomware in the news—you might even know someone who's been affected by it. Let's take a look at what ransomware is, the threat that it poses, and how to stay safe against it.
What Is Ransomware?
Other kinds of malware might show pop-ups for advertising dollars, hijack your computer for nefarious purposes, or steal your information. But ransomware is different: it encrypts the data on your computer and demands that you pay money in return for the key to unlock your files. Most of the time, the ransomware demands payment in cryptocurrency, such as Bitcoin, as it's virtually impossible to trace.
Encryption scrambles digital information into unintelligible gibberish unless you have the decryption key. You may remember how iPhone encryption got in the way of the FBI when, for a time, it was unable to access an encrypted iPhone. If the FBI has trouble with it, your small business certainly will as well.
How Does Ransomware Work?
Ransomware usually gets onto a system the same way other malware does. Much of the time, people inadvertently introduce malware onto their systems by downloading a dangerous file from a suspicious email, clicking a link on a shady website, or similar.
Once it gets on your computer, ransomware starts encrypting all your files, then demands that you pay the attacker to decrypt them. Should you fail to pay within a certain time, the price will go up or they'll erase the key forever (depending on who is behind it). If you attempt to remove the encryption, they threaten to delete the key so you lose access to your files forever.
The video embedded in the original post shows what happens when a computer is infected by WannaCry, a strain of ransomware that was used in a global attack in May 2017.
How to Reduce the Risk of a Ransomware Infection
The best way to avoid the headache of ransomware is preventing it from getting on your computer in the first place. Second to this, you need to have a backup plan in place so you can recover if you are hit by ransomware.
Thankfully, there are steps you can take to reduce your risk of infection and give yourself options if there is an attack.
The most important way to prevent ransomware from crippling your infrastructure is by backing up your data. By keeping frequent backups, you'll have a recent copy of your data in the event that it's all encrypted and rendered unusable.
However, this comes with a caveat: the media you back up to must not remain connected to the computer, or it is also at risk of being encrypted. If you back up to an external USB drive that's always connected to your PC, the ransomware is likely going to see that drive when it hits and encrypt it along with your local disk. In this case, your backup wouldn't be able to help.
We help clients select the correct backup solution, keeping these factors in mind. We recommend the 3-2-1 approach to backups:
- 3 copies of any important data
- 2 types of media (such as disk, tape, or cloud)
- 1 copy offsite (to prevent loss due to fire, electrical storms, or other local physical destruction)
Even with this plan in place, consider how these different types of backups are connected to a computer, as they could still become infected.
For example, if your primary copy of the data is a local Dropbox account (one copy on the local machine, and another copy in the Dropbox cloud), and you also back up to a USB drive connected to your computer (the third copy), you are technically meeting the 3-2-1 rule.
However, if you are hit by ransomware on your computer while the USB drive is connected, it would be able to encrypt all three locations. It could hit your Dropbox since there's a local Dropbox folder on your PC, as well as the USB drive since it's currently connected.
You'd have to use Dropbox's method to recover encrypted files, which is much more cumbersome than a purpose-built cloud backup tool like CrashPlan. It's capable of restoring large amounts of data from a point in time before the data was encrypted. If you end up in this situation, having that extra layer of protection is well worth the extra cost.
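As an added example (not code from the original post or from Houk Consulting), the script below checks a list of backup copies against the 3-2-1 rule and, separately, counts how many of those copies are isolated from the endpoint. The BackupCopy fields, the `mounted_on_host` flag and both sample plans are constructed for this example; the first plan is the Dropbox + USB scenario described above, which meets 3-2-1 on paper yet leaves no copy out of reach of an infection on the PC.

```python
"""
Added example: evaluate backup plans against 3-2-1 and against the
"is it reachable from the infected machine?" caveat described in the post.
All field names and sample plans are constructed for this example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str             # e.g. "disk", "tape", "cloud"
    offsite: bool          # physically away from the office
    mounted_on_host: bool  # reachable as an ordinary folder or drive letter on the endpoint


def evaluate_plan(copies):
    """Return a report with the three 3-2-1 checks plus the names of the copies
    that ransomware running on the endpoint could not write to directly."""
    media_types = {c.media for c in copies}
    isolated = [c.name for c in copies if not c.mounted_on_host]
    report = {
        "three_copies": len(copies) >= 3,
        "two_media": len(media_types) >= 2,
        "one_offsite": any(c.offsite for c in copies),
        "isolated_copies": isolated,
    }
    report["meets_3_2_1"] = (
        report["three_copies"] and report["two_media"] and report["one_offsite"]
    )
    # A plan can satisfy 3-2-1 and still lose every copy to one infection
    # if each copy is mounted on the host when the ransomware runs.
    report["survives_endpoint_ransomware"] = len(isolated) > 0
    return report


# Constructed sample: the post's Dropbox + USB scenario.
DROPBOX_PLUS_USB = [
    BackupCopy("local Dropbox folder", "disk", offsite=False, mounted_on_host=True),
    BackupCopy("Dropbox cloud copy (via sync folder)", "cloud", offsite=True, mounted_on_host=True),
    BackupCopy("USB drive, always plugged in", "disk", offsite=False, mounted_on_host=True),
]

# Constructed sample: same data, but the USB drive is unplugged after each backup
# and an agent-based, versioned cloud backup replaces the sync folder as the offsite copy.
IMPROVED_PLAN = [
    BackupCopy("local working copy", "disk", offsite=False, mounted_on_host=True),
    BackupCopy("versioned cloud backup (agent, point-in-time restore)", "cloud", offsite=True, mounted_on_host=False),
    BackupCopy("USB drive, disconnected after each backup", "disk", offsite=False, mounted_on_host=False),
]


if __name__ == "__main__":
    for label, plan in (("Dropbox + USB", DROPBOX_PLUS_USB), ("Improved", IMPROVED_PLAN)):
        r = evaluate_plan(plan)
        print(f"{label}: meets 3-2-1={r['meets_3_2_1']}, "
              f"isolated copies={r['isolated_copies']}")
```

The point of the second flag is that 3-2-1 counts copies and locations, not exposure: a copy only helps if the infected machine cannot overwrite it, whether because it is physically disconnected or because the backup service keeps earlier versions the endpoint cannot delete.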
Review Your Layers of Security
Nothing electronic can be 100% secure. As a result, we typically talk about security in terms of layers. The more layers you have, the less chance there is of infection.
For our Managed IT Services clients, we handle the following:
- Webroot Antivirus: Powerful cloud-based lightweight antivirus, fully managed and monitored by Houk Consulting.
- Fortinet Firewall: Perimeter network defense with its own antivirus and web filtering.
- Cisco Umbrella: When you visit a website, your computer uses DNS to turn the website's name (such as google.com) into an IP address (like 22.214.171.124). This lookup process can serve as another layer of security: OpenDNS's filtered DNS servers (now part of Cisco Umbrella) are configured to allow access only to safe sites.
- Encryption at rest: Prevent access to data by encrypting the contents of all portable media.
- Spam filtering: Prevent email messages containing dangerous links or attachments from getting to your inbox to begin with.
- 24/7 Monitoring: If there is an infection, it might try to hide its presence. Monitoring can help catch situations where something is not quite right.
The more layers of defense in place, the better protected you are. Our job is to help pack as many layers as possible without interrupting business operations. We continue to research and add or modify layers for our clients over time.
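The monitoring layer above is where the behaviour described earlier in the post, one process rewriting all of a user's files in a short time, can be spotted. As an added example (not code from the original post or from Houk Consulting's monitoring), here is a small Python heuristic that runs over constructed file-activity log lines and alerts when one process on one host modifies many distinct files across several folders within a short window. The log format, the thresholds and the sample lines are all assumptions for this example; in practice the events would come from an endpoint agent or file-audit source, and the lines are expected in time order.

```python
"""
Added example: burst detection over constructed file-activity log lines.
Line format (assumed): "<ISO timestamp> <host> <process> <WRITE|RENAME|DELETE> <path>"
"""
import ntpath
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # how far back to look for one process's activity
MIN_FILES = 20                  # distinct files touched in the window
MIN_DIRS = 3                    # distinct folders touched in the window

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (WRITE|RENAME|DELETE) (.+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    ts, host, proc, action, path = m.groups()
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "proc": proc, "action": action, "path": path}


def detect_bursts(lines, window=WINDOW, min_files=MIN_FILES, min_dirs=MIN_DIRS):
    """Return one alert per (host, process) whose writes/renames inside any
    `window`-long span touch at least `min_files` files in at least `min_dirs` folders."""
    recent = defaultdict(deque)   # (host, proc) -> deque of (timestamp, path)
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["action"] not in ("WRITE", "RENAME"):
            continue
        key = (ev["host"], ev["proc"])
        q = recent[key]
        q.append((ev["ts"], ev["path"]))
        while q and ev["ts"] - q[0][0] > window:   # drop events older than the window
            q.popleft()
        files = {p for _, p in q}
        dirs = {ntpath.dirname(p) for p in files}
        if len(files) >= min_files and len(dirs) >= min_dirs and key not in alerted:
            alerted.add(key)
            alerts.append({"host": ev["host"], "process": ev["proc"],
                           "files": len(files), "dirs": len(dirs),
                           "at": ev["ts"].isoformat()})
    return alerts


def constructed_log():
    """Constructed sample: a little ordinary activity, then one process renaming
    files in four folders within a few seconds."""
    normal = [
        "2020-11-29T09:00:01 PC-07 winword.exe WRITE C:\\Users\\kim\\Documents\\q4-plan.docx",
        "2020-11-29T09:00:05 PC-07 outlook.exe WRITE C:\\Users\\kim\\AppData\\Local\\mail.ost",
        "2020-11-29T09:01:10 PC-07 excel.exe WRITE C:\\Users\\kim\\Documents\\budget.xlsx",
    ]
    folders = ["Documents", "Desktop", "Pictures", "Downloads"]
    start = datetime(2020, 11, 29, 9, 12, 0)
    burst = []
    for i in range(24):
        ts = (start + timedelta(seconds=i)).isoformat()
        folder = folders[i % len(folders)]
        burst.append(f"{ts} PC-07 unknown.exe RENAME C:\\Users\\kim\\{folder}\\file{i}.docx.locked")
    return normal + burst


if __name__ == "__main__":
    for alert in detect_bursts(constructed_log()):
        print("ALERT:", alert)
```

The thresholds are deliberately loose so the example is readable; a real deployment would tune them per host role (a nightly backup job legitimately touches thousands of files) and treat the alert as a trigger to isolate the machine, which is the response the post describes in the section on getting infected.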
Watch What You Download
Lots of dangerous software can get onto your system through downloading and installing programs. While some of these aren't too harmful outside of nagging you with ads, others can be full-blown malware. It's important to be careful what you download and have company policies (such as an Acceptable Use Policy) to guard against harmful downloads.
Be careful when downloading new software to run on computers. Some download sites have misleading ads that look like a download button, but are actually links to malware. If a site shows pop-ups suggesting that Java, Flash Player, or other runtimes are out of date, don't click on them. Run the built-in updaters for these programs from a local computer search or go to the company's website directly and check for an update that way.
In general, don't click on ads (even ones that look like legitimate downloads) and you'll greatly increase your safety. You shouldn't ever click on a link in an email that you weren't expecting, either.
Update Your Software
It's vital to keep all the software on your computer up to date, especially Windows system patches. Whenever you see a (legitimate) update for software, make sure to install it. If you are not sure, ask your IT staff.
The good news is that a reliable IT provider should handle all these updates for you. Using management software, we can set important software to run updates on a schedule—helping to ensure that you don't have old, vulnerable software sitting around on your systems.
What if I Get Infected by Ransomware?
If you realize that a computer on your network was hit by ransomware, you need to immediately take it offline and power it down. That means unplugging any Ethernet cables that are connected to it, then holding the power button for several seconds until the machine does a hard shutdown. On a laptop, it's not a bad idea to remove the battery, as well. With any luck, you'll interrupt the process before it gets far.
Also important: don't pay! There's no guarantee that the people who crafted this infection will actually stay true to their word and give you your data back. Paying encourages this kind of criminal activity, and could make your business a target again in the future. This is why the trend of governments paying ransoms with insurance money is so worrying.
If you can't shut down the machine in time, or the infection has already taken over your system, you need to wipe it clean and restore from your backup. The best way to do this is to reinstall whatever version of Windows you were using to start fresh, then use your external hard drive or cloud backup plan to restore all your files.
There are some tools that can decrypt files for certain ransomware families, such as the decryptors collected by the No More Ransom project. But there's no guarantee that one will exist for your specific infection.
This is why backing up is so important; if you have no backup, you're stuck with a load of encrypted files. Breaking the encryption yourself is, at best, a lengthy and expensive process, so unless you have an exorbitant amount of spare money and time, that isn't an option.
Make sure you're prepared for this kind of attack before it's too late. Most businesses cannot survive going offline for weeks to rebuild all their databases and files after a ransomware attack.
The best solution to ransomware is to have experienced IT managers handle this for you. And Houk Consulting takes care of all this in our Managed IT Services program.
Beating ransomware is more about preparation than reaction. Preparation can reduce your risk of being attacked, while also making the shock of a ransomware incident less severe. We can make sure you are prepared.
For more info, take a look at our coverage of GandCrab, a specific strain of ransomware that hit in 2019.