IT Security Tip #1: How to foil “RansomWare”
The first tip in our Internet Security series is about a hot topic called “Ransomware”. Short for “ransom software”, ransomware has been around for a very long time, but not widely used by the cyber criminals until the past couple of years. Now its an epidemic with tens (hundreds?) of thousands of variants being rolled out across the internet like a tidal wave. The threat is fairly straightforward when infect: Pay us or you’ll never access your data again.
Common names of current ransomware include CryptoLocker, CryptoWall, Locky, TeslaCrypt, Zepto, and others. It works by encrypting your files to prevent you from being able to use them. Anything encrypted is made essentially unreadable or unusable as it was in the original by ‘scrambling’ it with a one-of-a-kind “key” (a string of characters like *4rh!`In&, but dozens or thousands of characters long). This key is what’s required to make DEcrypt the encrypted files. This key is what the criminal is going to attempt to make you pay for. Ransoms range from $150 to as much as $2600 with the average being around $300 according to statistics. After your files are encrypted and unusable, the criminals who wrote the software (or possibly who rented it…more on that later) that encrypted your files then pop up a demand screen asking for payment within a set time frame (like within 72 hours) in order to get the key to decrypt your files. If you don’t have reliable backup, you’re toast…there is no recovery in nearly all cases of ransomware when there is no backup. Note that the biggest killer here is the disruption of your business…you can’t serve clients or customers when the computer systems won’t work.
Antivirus will not stop this type of thing. Let me repeat that: Antivirus will NOT stop ransomware, regardless of what you throw at it. The organizations creating ransomware (and other viruses) know how to get around it. They prey on likelihood of the human doing the wrong thing.
The best way to foil a ransomware attack is to know more about the dangers of it in general (this email is a good start!). Teach yourself and staff about cyber threats and best practices for email and the internet in general. This can’t be a one-and-done philosophy; the teaching has to be repeated because people forget and this stuff changes continually. (If you don’t have a resource for this (and small businesses most don’t), you may want to ask us about our PartnerUniversity Staff Training services…very inexpensive an very educational for all your staff via brief, recurring online courses.)
Another layer of defense is to use a smart “DNS” system on your office network or home computers. Check out http://www.opendns.com for their free service that makes a huge dent in your vulnerability. If you need help making their service go live for you, let us know. (Our managed clients already have this in place).
Lastly, make absolute certain that you have a rock-solid backup system that’s protecting both ALL your important data and files and that its making multiple versions available for restoration and recovery. They data needs to be stored both locally AND offsite for every recovery point. Our PartnerSAFE business continuity system is a great example of this.
So in the mean time, NEVER EVER click on an email that WANTS you to open the attachment, even if its from someone you know (it may not be from them!) and always, always keep a verified backup avaialble to restore from.