Companies, and even individuals, need to be aware that so-called "ransomware" is a growing concern. One of the primary methods a malicious person uses to holds data ransom is to encrypt the contents of your hard drive and demand money, usually in the form of cryptocurrencies such as Bitcoin, in return for the key to decrypt the files.
About 28% of ransomware victims simply pay up which gives hackers enough money and motivation to keep wreaking havoc. Those who do not pay the ransom generally experience significant downtime. On average it takes 21.4 hours to recover the encrypted files and/or restore the infected computer(s).
So, what can companies do to prevent ransomware?
- Keep current backups of everything. Make sure this includes employees who work from home or who travel and use a personal laptop. You should educate your employees on the potential risks of not backing up all of their data. If the infected hard drive is properly backed up then it can be wiped and reinstalled with minimal data loss. Keep multiple backups, at least one of them in a different location from the primary drive.
- Use reputable antivirus and antimalware software. Although the software cannot stop all ransomware attacks (viruses and antivirus software are in something of an arms race and virus software cannot stop brand new malware), it can stop many of them.
- Make sure everyone in your organization practices good email hygiene. Some simple steps that can be followed:
- Never open unsolicited attachments.
- Do not provide personal information in email and never email passwords.
- Have your IT department or managed service provider configure your email server to block .exe and .vbs files, which are more likely to contain malware.
- Bear in mind that hackers and phishers commonly make their email look like it comes from somebody in your contacts list. If in doubt, call the person and ask if they sent the attachment.
- Be especially careful with .xls, .xlsx, .doc, and .docx files. If you open a strange file and it contains macros, do not enable them.
- Turn on show file extensions. One trick hackers use is double extensions, such as .jpg.exe. In this case, the file will look like a .jpg, a harmless image file, but could actually be a malicious executable.
- Disable remote services such as remote desktop unless you really need them. This can help isolate an infected computer and prevent the ransomware from spreading through the network.
- Implement least privilege access control to files on your network. While this is a complicated subject that requires an experienced IT professional to implement, the basic premise is that computer users within your organization should only be allowed access to files and resources necessary to complete their duties. For example, an accounting employee should generally not have access to detailed human resources information, and a human resources employee generally should not have access to accounting information.
There are a lot of other things you can do. So, what do you do if you do get infected?
- Do not pay if at all possible. As long as some companies continue to pay, the hackers will be encouraged. The fewer people pay up, the better. Additionally in some cases, people will pay the ransom and not get access back. Paying the ransom can also mean you are more likely to be targeted again.
- If possible, roll back to an earlier backup of your system. Windows users can use System Restore. Macs are less likely to be infected, but if they are, you can start up while holding down command and R, which will boot you to Mac OS X Utilities. From there, Reinstall OS X should get your system clean and you can then restore any lost data from Time Machine. Then check for missing data. With some versions of ransomware, this is all you need to do. With others, you will need to move on to the next step.
- Getting your data decrypted. If restoring from a backup did not get you your files back, then you will probably need to get a data recovery company on the case. (This generally means that the ransomware got your backups as well, which means it is often a good idea to keep one reasonably recent set of backups, or at least your most important files, on a drive not connected to your computer). This can be expensive.
One last thing you can do is have a business continuity plan in place. By making sure that you have backup plans, you can handle any downtime caused by malware. We can handle all of your customer inquiries and questions while you recover from the malware, or any other problems you might have.