If you've been around technology, you probably know about the various kinds of nasty infections that can wreak havoc on your company's computers. From Trojans to worms to viruses, the ever-present threat of malware is something that you must be vigilant to prevent.
There's a different kind of malware, called ransomware, that's becoming more and more popular, and its capabilities can have a significant impact on a small business.
What is Ransomware?
Instead of spawning pop-ups for advertising dollars, hijacking your computer for nefarious purposes, or stealing your information, ransomware encrypts all of your files and demands that you pay a hefty price to get the key to unlock them.
Encryption scrambles all of the information into unintelligible gibberish unless you have the decryption key. You may remember how encryption got in the way of the FBI when, for a time, it was unable to access an encrypted iPhone. If the FBI has trouble with it, you better believe your small business will as well.
This video shows what happens when a computer is infected by Ransomware:
Ransomware starts out like a normal virus. It'll try to trick you into installing it or spread from other infected machines. Once it gets on your computer, ransomware starts encrypting all of your files and, of course, demands that you pay money to have them decrypted. Should you fail to pay within a certain time (payment is usually via Bitcoin or gift cards to reduce traceability), the price will go up or they'll erase the key forever (depending on who is behind it), and if you attempt to remove the encryption the key is also deleted.
How to Reduce the Risk of a Ransomware Infection
There are steps you can take to reduce your risk of infection and provide options if there is an infection.
The most important way to prevent ransomware from crippling your infrastructure is backing up your data. By keeping frequent backups, you're guaranteed to have a recent copy of your data in the event that it's all encrypted and rendered unusable.
However, this comes with a caveat: the media you are backing up to must not remain connected to the computer, or it's also at risk of being attacked. If you back up to an external USB drive that's always connected to your PC, the ransomware is going to see that drive when it hits and encrypt it along with your local disk.
We help clients select the correct backup solution keeping these factors in mind.
We recommend the 3-2-1 approach to backups:
3 - Copies of any important data
2 - Types of media (such as disk, tape, or cloud)
1 - Copy Offsite (to prevent loss due to fire, electrical storms, or other local physical destruction)
Even with this, consider how connected these different types of backups are to a computer that may become infected. For example, if your primary copy of the data is a local Dropbox (1 copy on the local machine, and 1 copy in the Dropbox cloud), and you also back up to a USB drive that is connected to your computer (the 3rd copy), you are technically meeting this 3-2-1 rule. Yet, if you get a ransomware virus on your computer while the USB drive is connected, it'll be able to encrypt all 3 locations. You'll be relying on the much more cumbersome restoration abilities of Dropbox rather than a purpose-built cloud backup like CrashPlan, which is capable of restoring large amounts of data from a point in time before the data was encrypted. If you end up in this situation, having that extra layer of protection is well worth the extra cost.
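The Dropbox-plus-USB scenario above can be checked mechanically. The short Python script below is an added example, not part of the original article: it tests a backup inventory against the 3-2-1 rule and then lists which copies would still be usable if ransomware ran on the PC. The inventories, field names and the choice to treat the synced folder as having no usable point-in-time restore are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str                   # "disk", "tape", "cloud", ...
    offsite: bool
    reachable_from_pc: bool      # can software on the PC overwrite this copy right now?
    point_in_time_restore: bool  # can it roll back to a state before the encryption?

def meets_3_2_1(copies):
    """3 copies, 2 types of media, 1 copy offsite."""
    return (len(copies) >= 3
            and len({c.media for c in copies}) >= 2
            and any(c.offsite for c in copies))

def clean_after_infection(copies):
    """Names of copies still usable if ransomware runs on the PC: either it
    cannot reach them, or they can be rolled back to before the attack."""
    return [c.name for c in copies
            if not c.reachable_from_pc or c.point_in_time_restore]

def report(copies):
    return {"meets_3_2_1": meets_3_2_1(copies),
            "clean_copies": clean_after_infection(copies)}

# Constructed inventory modelling the scenario in the text. Simplification
# (assumption): the synced folder mirrors encrypted files and is treated as
# having no usable bulk point-in-time restore.
SYNCED_SETUP = [
    BackupCopy("local disk", "disk", False, True, False),
    BackupCopy("synced cloud folder", "cloud", True, True, False),
    BackupCopy("USB drive, always plugged in", "disk", False, True, False),
]

# Constructed alternative: the USB drive is unplugged after each backup and
# the cloud copy is a purpose-built backup with point-in-time restore.
ISOLATED_SETUP = [
    BackupCopy("local disk", "disk", False, True, False),
    BackupCopy("USB drive, unplugged after each backup", "disk", False, False, False),
    BackupCopy("purpose-built cloud backup", "cloud", True, True, True),
]

if __name__ == "__main__":
    for label, setup in (("synced", SYNCED_SETUP), ("isolated", ISOLATED_SETUP)):
        print(label, report(setup))
```

Both inventories pass the 3-2-1 count; only the second leaves any clean copy to restore from.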
If you need help evaluating and designing a ransomware-protected backup strategy, we are here to help!
Review Your Layers of Security
Anything powered by electrons cannot be 100% secure, so we talk about security in terms of layers. The more you have, the less chance you have of infection.
For our Managed IT Services clients, we manage the following:
- Webroot Antivirus: Powerful, lightweight, cloud-based antivirus, fully managed and monitored by Houk Consulting.
- Fortinet Firewall: Perimeter network defense with its own antivirus and web filtering.
- Cisco Umbrella: Computers use "DNS" to turn website addresses such as www.google.com into IP addresses. This lookup process can be used as another layer of security by using OpenDNS' filtered DNS servers configured to allow access to only good sites.
- Encryption at rest: Prevent access to data by encrypting the contents of all portable media.
- Spam filtering: Prevent email messages containing trouble from getting to your inbox to begin with.
- 24/7 Monitoring: Some infections try to hide their presence. Monitoring can help catch things that are not quite right.
The more layers of defense there are, the better protected you are. Our job is to help pack as many layers in without interrupting business operations. We continue to research and add or modify layers for our clients.
Watch What You Download
Lots of problematic software gets onto your system through downloading and installing programs. While some of these aren't too harmful outside of nagging you with ads, others can be full-blown malware. It's important to be careful what you download and have company policies (such as an Acceptable Use Policy) to guard against harmful downloads.
Be careful when downloading new software to run on computers. Some download sites intentionally have misleading advertising that looks like a download button. It's not! It's a link to install a virus on the computer. If a site shows pop-ups suggesting that Java, Flash Player, or other runtimes are out of date, don't click on them. Run the built-in updaters for these programs or go to the company's website directly and check for an update that way. For example, to install Adobe Flash, get it from adobe.com.
In general, don't click on ads (even ones that look like legitimate downloads) and you'll greatly increase your safety.
Update Your Software
Keep all the software on your computer up to date, especially vulnerable plug-ins like Flash Player. Whenever you see a (legitimate) update for software, make sure to install it. If you are not sure, ask your IT pro.
The good news is that a good IT provider should handle all these updates for you. Using management software, we can set important software to run updates on a schedule, helping to ensure that you don't have old, vulnerable software sitting around on your systems.
What if I Get Infected?
If you realize that a computer on your network is being hit by ransomware, you need to immediately take it offline and power it down. That means unplugging any Ethernet cables you might be using, and holding the power button (on a desktop or laptop) for several seconds until the machine does a hard shutdown. On a laptop, it's not a bad idea to remove the battery, as well. With any luck, you'll interrupt the process before it gets far.
Also important: don't pay! There's no guarantee that the people who crafted this infection will actually stay true to their word and give you your data back. Paying encourages this kind of criminal activity, and could make your business a target again in the future.
If you can't shut down in time or the infection has already taken over your system, you need to wipe it clean and restore from your all-important backup. The best way to do this is to reinstall whatever version of Windows you were using to start fresh, then use your external hard drive or cloud backup plan to restore all of your files.
This is why backing up is so important — if you have no backup, you're pretty much going to be stuck with a load of useless files. Breaking encryption is a lengthy and expensive process, so unless you have plenty of spare money and time, that isn't an option. Make sure you're prepared for this kind of attack before it's too late.
The best solution is to have experienced IT managers handle this for you - we take care of all of this in our Managed IT Services program.
Beating ransomware is more about preparation than reaction. Preparation can reduce your risk of being attacked while also making the shock of a ransomware incident less severe. We can make sure you are prepared.
Are you at risk for ransomware? We can help. Contact us for a free IT assessment today, and see what practical solutions you can put in place right now to protect your infrastructure from this growing threat.