Ransomware is one of the newer types of viruses that many people have not even heard of.
As the name suggests, it is a piece of software that is usually installed on your computer via a bad file download or link sent to your email. What ransomware does is hold your files for ransom by encrypting them. Much like what your bank does for online banking. In comparison the average bank uses a 256 bit encryption key, while these ransomware viruses use up to 2048bit or higher. This may sound like gibberish, but just know that the higher the number, the harder it is to crack. And bank data is extremely hard to crack. There will be instructions to pay a certain amount to a certain account via a currency called Bitcoin. These instructions are oftentimes displayed on the desktop, or are contained within a “help” file that the virus installs. All files are encrypted and can only be de-crypted with a key, or sometimes in lucky cases, with a software that was built to recover from a ransomware attack.
The extremely problematic part that ransomware comes with, is that it is a worm. A worm is a piece of software that will sneak from your computers to all other network devices that your computer is authorized access to. So the server share that you use to access all your company files, the computers in another remote office you may have and so on. This makes it extremely complicated to stop the virus from infecting other devices, other than killing your entire network and cleaning every computer one by one, which needless to say is extremely expensive and may put your business to a screeching halt.
So why is it bad for security equipment?
In our wonderful technologically advanced world, everything is driven by computers. In the security world, servers record what cameras are seeing to files, access control logs and credentials are stored on servers, in files. You see where this is going. Since almost all devices are networked by now, you’re potentially looking at a few more targets for the ransomware attack. If your surveillance server is somehow accessible via the infected computer, you are running the risk of having all your surveillance files encrypted and inaccessible. The same goes for access control servers, only in those cases can the failure to access certain files cause people to be locked in or out, not something you want to have happen.
How to protect against ransomware?
There are a few steps to make sure ransomware does not affect your computers and day to day business. Unfortunately, it is never possible to say that ransomware will never happen if you use a certain tactic, but the following steps can ensure that you very much minimize the chance of it creeping into your business. The main points start with a proper setup of your IT services within your company and then there are a few things that should be brought to the attention of each and every employee at the location.
Backups
It is absolutely crucial to keep a backup of all your company data. Not only does a backup give you a way to get all your data back, but it also allows you to recover files that were accidentally deleted. Backups are very versatile and unfortunately do not seem necessary until it is too late. Backups are the obvious way to protect from ransomware attacks. Having a device that pulls a backup on a regular basis, but it is important that it is an off-site backup. Off-site backups are stored in data centers, instead of locally in your office. This way the ransomware virus cannot get to the data center, and your data is secure, no matter what is trying to wreak havoc upon all your devices.
Network
Having a managed network is another way to protect your office from ransomware viruses. A managed network will analyze all the traffic across all the devices on the network. This in turn will allow for a ransomware, or any other network attack to be mitigated before it is happening. Without these safeguards in place your network can expose all the devices, and each device has to fend for itself. A single out of date program can make a difference in those cases.
Emails
Since emails are the main entry point for ransomware into your business, the best safeguard is to be careful with email. Email is the preferred delivery method of a multitude of malware, including ransomware. If you have as much as a file that you were not expecting from any of your contacts, get in touch with them and ask them whether they actually sent the attachment. Unfortunately more and more email accounts are hacked due to weak passwords, so a virus can appear as a harmless file from one of your contacts, even though it is much worse. Regardless of the email, do not click on any links or files that you did not know were coming your way.
Updates
This one goes without saying, keep all your programs as up to date as possible. This is not only important to protect yourself from ransomware, but any other malware and security leaks. Even most issues that you have with your programs will be eliminated by regular updates. If a new update comes out, your I.T. provider should already have a script that will automatically update your computers at a certain time. If that is not the case, make it a habit to check your computers for updates on a regular basis. Most of the time updates will not install themselves, and if left unattended will cause major issues.
What to do if you are infected
In the case that you see that you got infected by ransomware, there are a few steps you can take to make sure you minimize the impact of the virus. First off, we recommend that you pull the plug on your computer, the second you realize it. This ensures that the virus cannot spread to other computers. You should also inform law enforcement of the attack. While they may not be able to do much for you, it is still important to report the occurrence of this crime. Finally, call in your I.T. support and hopefully they have good news, that they have a recent backup that your computer can be restored from. If that is not the case, you then have to decide whether you will be paying the ransom or not. A few points that will aid with that decision:
- Do you have a recent backup of your data?
- Were you able to stop the ransomware attack in time?
- How much is the ransom? Are you willing to pay that amount?
- How important were the files that you lost?
The above points should make it fairly easy to decide what steps you want to take. All in all we recommend to never pay the ransom, but unfortunately, this is often the only way to get your work product back. Paying the ransom will only give the hackers incentive to ramp up their ransom attacks, which in turn will create more and more of these issues and viruses. If the files were encrypted and you cannot find any way to get around the encryption, there is oftentimes no other choice than to pay for it.
What to do after recovering from an attack
Upgrade Anti-Virus Software
Your anti-virus program obviously did not do the job the first time around. If you did not have any anti-virus program before the attack, now is the time to get one. There are a few different anti-virus programs that we can help you find. Unfortunately many anti-virus programs have issues finding advanced viruses and ransomware programs, that’s why it is important to not just install any anti-virus program.
Increase Employee Training
Employee training is the best way to avoid viruses and ransomware. Your employees may not be advanced computer users, and as such they may be more prone to clicking on links that they do not know the origin of. Educating your employees about which links to click, which files to open and what websites to access can be absolutely crucial to avoiding malicious attacks within your business.
Implement a Backup Strategy
If you had to pay the ransom or had to start from scratch, you now hopefully see that a backup can be quite a bit more useful than it may have seemed initially. Implementing a backup strategy with a proper backup provider is key to ensuring your environment is always protected. We can help you make sure that you have a backup in case any attacks does hit your business. Read more about our backup solutions.
Get in Touch
Did you get hit by ransomware or do you feel as though your computers are not as secure as they could be? We will gladly help you get the data security and network security that you need for your business. Feel free to contact us with any questions or comments. You can call us at any time at (403) 477-4800 or email us at info@authorizedsecurity.ca.