Far too many businesses are inadvertently putting themselves at risk of being caught out by a type of computer virus known as ‘Ransomware’. If infected the implications can be costly, either from the financial ransom demanded or from the downtime whilst the problem is being resolved. Both have a negative impact to the business. This need not be so. It takes just a number of straightforward steps to avoid an attack.
What is Ransomware and what does it do?
Ransomware is malware that installs on an unsuspecting victim’s computer. It is generally carried out using a Trojan that has malicious data disguised as a legitimate file. This commonly appears as an attachment to an email and when opened, it proceeds to attack and encrypt the local computer files, and any network data the user has access to, then demands a ransom payment for the decryption code which enables the files to be restored.
The first indication that a victim may be aware they’ve been subjected to ransomware is when their system locks up and a message is displayed demanding a payment to unlock it. If they have been infected by ‘simple’ ransomware and have a degree of IT knowledge they may be able to reverse the process.
However, more advanced malware encrypts the files in such a way that they become inaccessible to the victim and a ransom payment is demanded to decrypt them.
Depending on the setup of the computers and network it’s possible for ransomware to encrypt the computer’s local hard drive, or data across the network, reaching further and creating even more havoc.
What can or should you be doing about ransomware?
Your backup procedures are key to the swift recovery from a ransomware attack.
For a restore from back up to be effective there must be a serialised backup policy. The danger is backing up infected files. Older versions of the backup must be available in case recent versions are corrupted or encrypted.
Best practice includes storing backups offline or using proper backup programs, just copying files to a USB drive and leaving this plugged into your PC or server make these files just as vulnerable; most strains of ransomware will encrypt data that is connected to networks or removable drives.
Frequency of backups should also be considered so that recent files can be restored rather than risk losing days, weeks or months of work. You should also check that backup routines have completed successfully and not assume they are working, and occasionally perform test restores of some files so if it comes to it you know data can be restored.
“We were recently hit by a ransomware virus and most of the company’s data on the server was encrypted and inaccessible. Fortunately with TLP Technology’s recommended backup routine in place they were able to speedily recover all of our data with minimal impact to productivity. We were extremely happy with how they handled the ransomware attack” Nikola Blenman
Ransomware isn’t something new. Were were talking about the CryptoLocker Ransomware Virus in 2013.