Ransomware: A serious threat to your business
There are many malware threats that could put your computer, your server (if you have one) and your business at risk. One of the most feared is known as ransomware. Wikipedia's description is a good starting point; in short, criminals get malware onto your computer, and it encrypts your files, rendering them inaccessible without the key needed to decrypt them. The criminals then hold your data hostage and demand a ransom in exchange for that decryption key. Even if you pay, there is no guarantee they will hand over the key. They often have, because if it were widely believed that paying was pointless, fewer victims would pay. At that stage your choices are limited: pay the ransom and hope they follow through, or wipe the system and restore it from a known clean backup.
Ransom: to pay or not to pay, that is the question
Paying a ransom to retrieve your encrypted data is discouraged by many security professionals. Every payment signals success to the criminals behind the attack and funds their ongoing malware campaigns. However, depending on the value of the locked data, the ransom amount may seem small, and if the business pays and actually gets its data back, that may be the fastest way to recover. But will the criminals really follow through and hand over the key? In the past the answer was usually yes: if the consensus became that paying was a waste of money, new victims would be less likely to pay. But as more criminals are attracted by these big paydays and greed multiplies, the odds of recovering your data after paying may be going down. Just recently, the Kansas Heart Hospital decided to pay, only to be hit with a demand for a second ransom, which it refused. These are hard decisions with no easy answers, except one: always maintain an up to date backup of your data. Restoring from a backup may not be the fastest solution, but it is the most certain.
How to Protect Yourself from Ransomware.
There has been some progress in remediation: utilities have been released that may save you from having to pay a ransom, but they come with caveats and no guarantee of success.
- One is TeslaDecrypt, released last year by Cisco.
- Another is Kaspersky WindowsUnlocker. Note that it targets screen-locking ransomware (it removes the lock screen) rather than file encryptors. This is a game of cat and mouse between the bad guys and the good guys: since TeslaDecrypt was released, the criminals have shipped updated versions of the ransomware, some of which the original versions of these tools cannot decrypt.
- Another resource that may help with these newer variants is the TeslaCrypt and Alpha Crypt Ransomware Information Guide and FAQ.
- Anti-malware company Bitdefender released a tool that can block infection by CTB-Locker, Locky and TeslaCrypt. Note that it is preventative, not a cure for already infected systems.
- Malwarebytes has released a "beta" version of its Anti-Ransomware.
- No software can guarantee 100% protection, but one of the best for ransomware prevention on the client device is CryptoPrevent.
- There is a free version as well as a paid one. If you go with the free version, YOU MUST KEEP IT UPDATED MANUALLY.
- For larger companies with a dedicated security budget, the most promising defense is behavioral analytics. These applications monitor the network in real time and flag suspicious behavior, such as a single workstation rewriting hundreds of files in a few minutes.
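To make the behavioral approach concrete, here is an added example (written for this page, not code from any of the products named above) of the kind of scoring such a tool performs. It runs over a constructed stream of file-activity events and flags a process that rewrites many files in a short burst, renames files to an encryptor extension, or writes ciphertext-like (high-entropy) data. The event format, the extension list, the process IDs and the thresholds are all assumptions made for the example; a real product gathers these events from a file-system driver or endpoint agent rather than from a Python list.

```python
"""Toy ransomware behaviour detector (added example; not one of the products named above).

It scores a stream of file-activity events per process inside a sliding time
window and flags a process that rewrites many files in a short burst, renames
files to a known encryptor extension, or writes high-entropy (ciphertext-like)
content. The event format and the sample events are constructed for this example.
"""
import math
from collections import Counter, defaultdict, deque

# Illustrative extensions appended by some encryptors (assumed list, not exhaustive).
SUSPICIOUS_EXTENSIONS = (".locky", ".ecc", ".ezz", ".micro", ".ctbl", ".crypt")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Text and office documents sit well below 7; ciphertext is near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def detect(events, window_seconds=10, max_writes=20, entropy_threshold=7.5):
    """events: dicts with keys t (seconds), pid, op ('write' | 'rename' | other), path,
    and optionally new_path (for renames) or data (bytes written), in time order.
    Returns {pid: sorted list of reasons} for processes that look like an encryptor."""
    recent = defaultdict(deque)      # pid -> timestamps of writes/renames still in the window
    reasons = defaultdict(set)
    for ev in events:
        if ev["op"] not in ("write", "rename"):
            continue
        pid, t = ev["pid"], ev["t"]
        q = recent[pid]
        q.append(t)
        while q and t - q[0] > window_seconds:   # drop events that fell out of the window
            q.popleft()
        if len(q) > max_writes:
            reasons[pid].add("burst of file modifications")
        if ev["op"] == "rename":
            new_path = ev.get("new_path", "")
            for ext in SUSPICIOUS_EXTENSIONS:
                if new_path.endswith(ext):
                    reasons[pid].add(f"rename to {ext}")
        elif ev.get("data") and shannon_entropy(ev["data"]) >= entropy_threshold:
            reasons[pid].add("high-entropy write")
    return {pid: sorted(r) for pid, r in reasons.items()}


def sample_events():
    """Constructed activity: a word processor saving three documents (pid 1001) and an
    encryptor (pid 4242) overwriting 25 spreadsheets with ciphertext-like bytes and renaming them."""
    plaintext = b"Quarterly report draft, revision 3. Totals are attached.\n" * 8
    ciphertext_like = bytes(range(256)) * 16   # every byte value equally likely: 8 bits/byte
    events = [{"t": i, "pid": 1001, "op": "write", "path": f"docs/report{i}.docx", "data": plaintext}
              for i in range(3)]
    for i in range(25):
        path = f"accounts/invoice{i}.xlsx"
        events.append({"t": 100 + i * 0.1, "pid": 4242, "op": "write",
                       "path": path, "data": ciphertext_like})
        events.append({"t": 100 + i * 0.1 + 0.05, "pid": 4242, "op": "rename",
                       "path": path, "new_path": path + ".locky"})
    return events


if __name__ == "__main__":
    for pid, why in detect(sample_events()).items():
        print(pid, "->", ", ".join(why))
```

The word processor never trips any rule, while the encryptor trips all three. In practice the thresholds need tuning per environment (a nightly compression job also writes high-entropy data in bursts), which is exactly why these products need a budget and someone to run them.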
IMPORTANT: Some ransomware can spread across a network! So if your office computers are connected to a server and one of them becomes infected, immediately disconnect it from the network (unplug the cable and turn off Wi-Fi) until it can be restored.
Here's the reality with this type of malware: the only guaranteed fix for a system infected with crypto ransomware is a complete restore of the infected system from a known clean backup. That is why it is so critical to have a backup and restore process in place. If you can, take a full nightly backup. Schedule the backup to run automatically, check regularly whether it succeeded or failed, and store one or more copies offsite.
Also be aware that although an anti-malware product may claim to be able to remove the ransomware, THIS DOES NOT GUARANTEE IT CAN GET YOUR ENCRYPTED FILES BACK. It may well remove the malware and leave your files encrypted and inaccessible!
Here are some related resources:
- The Growing Threat of Ransomware from PCMag.com
- Defensive Best Practices For Destructive Malware [pdf file format] from NSA.gov
- Information on Ransomware
How to protect your business from Ransomware.
- Consider implementing one or more of the solutions listed above.
- Keep your anti-virus/anti-malware software updated! This is especially critical if you or your employees use a free version, as these usually require manual updating. Consider using the Bitdefender tool mentioned above.
- Institute company-wide policies – even if your company is only two people – that educate users on best practices for avoiding malware and viruses.
- Backup, Backup, Backup!
Keep multiple backup copies, and keep a recent one stored offsite or in the cloud for easy retrieval. Test your backups by performing periodic restores to alternate locations. This is the only guarantee of protecting your data and your business from being held hostage by ransomware!