Today I had another one of those REALLY tough conversations with a small business owner who is not using managed IT services. Their server, and all the files on it, were encrypted with one of the latest ransomware flavors. That dreaded phone call to inform them that their data is basically unrecoverable feels like it carries a weight similar to that of a pet or loved one who has passed away. There were tears, empathy, and the realization that this could have been avoided was an extra kick in the gut. The thing is, these types of threats are at an all-time high, and they are continuing to rise at an alarming rate. We must prepare for them or expect to fall victim. Here are a few of the basics you need to know to keep your data and your business safe.
What is Ransomware?
Ransomware is a type of malicious software that encrypts all the data on your machine, which basically means the data is locked and only accessible with a special key. The attackers lock your data, and then charge a hefty ransom for the key. Because these ransom payments are most often sent using bitcoin, they are practically impossible to track. Encryption is normally used to keep things like passwords safe while making online transactions, but in this case, technology intended for good use is causing a lot of damage.
Ransomware doesn’t discriminate. These threats target both businesses and individuals, school systems, and even hospitals. Normally a threat is introduced through email attachments, and in most cases the victim doesn’t have any idea they are infected until it is too late.
How does Ransomware work?
When a user becomes infected, the ransomware will secretly start working by encrypting each file one by one. This is actually a rather time-consuming process. For all the files on a computer to become encrypted, it could take up to a week or two. Once the process is complete, a ransom note is left for the user with instructions on how to retrieve the key. Those who entertain paying cyber criminals in hopes of getting their data back are trusting that the same thieves who stole from them will hold true to their word and actually provide the key. Not to mention that it has been speculated that these types of viruses have been known to fund terrorists.
Where have we seen Ransomware before?
New Orleans city government attacked
In December 2019 the entire New Orleans city government was attacked by an unknown type of ransomware. Everyone from 911 Dispatch and Police to city government workers was instructed to completely shut down ALL of their computers to mitigate the attack.
On 12 May 2017, an updated version of WCry/WannaCry ransomware called “WanaCrypt0r 2.0” struck hospitals belonging to the United Kingdom’s National Health Service (NHS), internet service provider Telefonica, and other high-profile targets around the world. Each victim subsequently received a note demanding $300 in Bitcoin as ransom.
A week before Halloween, Kaspersky Lab revealed it had received “notifications of mass alerts” of a new ransomware targeting Ukrainian and Russian organizations.
On 12 December 2016, the Cockrell Hill Police Department in Dallas, Texas learned of a security incident in which a computer virus affected one of its servers. The infection, which the police department contained to a single server, occurred when an employee received spam mail from an email address imitating a department-issued email address.
How can you avoid Ransomware?
We advise a 3-2-1 rule when it comes to data backups.
You want 3 separate copies of anything that is important. 2 of those copies need to be on separate devices. That means a laptop & flash drive, or flash drive & external hard drive, etc… And 1 of those copies needs to be disaster proof: fireproof and waterproof. The cloud is a good option here, and so is a literal fireproof/waterproof safe you can physically store a flash drive in. The problem with this is, are you going to keep that backup updated daily? Probably not.
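A small audit of the 3-2-1 rule described above, as an added example that is not part of the original article: it counts a copy only if it is less than a day old and its contents still match the digest recorded when it was made. The digest check goes one step beyond the rule as stated, and the `BackupCopy` fields, device names and sample data are assumptions constructed for illustration.

```python
import hashlib
import time
from dataclasses import dataclass

MAX_AGE = 24 * 3600  # the text's "updated daily", in seconds

@dataclass
class BackupCopy:
    name: str              # label, e.g. "flash drive"
    device: str            # physical device or service holding the copy
    disaster_proof: bool   # cloud, or a fireproof/waterproof safe
    recorded_sha256: str   # digest written down when the copy was made
    data: bytes            # current contents (constructed sample bytes here)
    taken_at: float        # Unix time the copy was last refreshed

def audit_321(copies, now=None):
    """Return a list of 3-2-1 violations; an empty list means the rule is met."""
    now = time.time() if now is None else now
    problems, usable = [], []
    for c in copies:
        # A copy only counts if it is still readable as written and recent.
        if hashlib.sha256(c.data).hexdigest() != c.recorded_sha256:
            problems.append(f"{c.name}: contents changed since backup")
        elif now - c.taken_at > MAX_AGE:
            problems.append(f"{c.name}: older than one day")
        else:
            usable.append(c)
    if len(usable) < 3:
        problems.append(f"{len(usable)} usable copies, need 3")
    if len({c.device for c in usable}) < 2:
        problems.append("usable copies are not on 2 separate devices")
    if not any(c.disaster_proof for c in usable):
        problems.append("no usable disaster-proof copy")
    return problems

def sample_inventory(now):
    """Constructed inventory: laptop, flash drive, cloud, all one hour old."""
    files = b"constructed sample: customer ledger"
    digest = hashlib.sha256(files).hexdigest()
    fresh = now - 3600
    return [
        BackupCopy("laptop", "laptop-ssd", False, digest, files, fresh),
        BackupCopy("flash drive", "usb-stick", False, digest, files, fresh),
        BackupCopy("cloud", "cloud-bucket", True, digest, files, fresh),
    ]

if __name__ == "__main__":
    for line in audit_321(sample_inventory(time.time())) or ["3-2-1 rule met"]:
        print(line)
```

In practice the `data` field would be replaced by reading each copy from its device, and the audit would run on a schedule so a stale or altered copy is noticed before it is needed.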