You may well remember the first time you heard of ransomware and thought it was just going to be another IT buzzword that floats around and disappears after a few years. Unfortunately for us that certainly isn’t the case. Ransomware has matured dramatically over the last few years and is costing businesses huge sums of money and inducing a lot of grey hairs. For those of you who (quite luckily) haven’t heard of it, ransomware is a form of malware that is designed to completely encrypt all of the files on the victim’s computer and, in the worst cases, the whole server too. The attackers will then set a ransom, normally quite a lot of money, which you’ll need to pay to get your files back (unless you have a disaster recovery plan and backup solution in place!). In other words, should you fall victim to a ransomware attack, it could potentially cause irreversible loss of data. You then have one of two choices – pay the ransom fee to the attackers or use your trusty disaster recovery plan to get back up and running.
Where did ransomware come from?
Although it feels like a new era of the dark side of IT, ransomware has been around for some time – the first case that resembles what we know as ransomware today was called the PC Cyborg Trojan. It was distributed and infected computers using floppy disks (which is why we don’t endorse the use of USB sticks today), and then encrypted the machine and the files on it. Back then the only way users could get their files back was to pay the ransom (in the times when people still used their cheque books), which then ended up in a post office box in Panama.
Thanks to the latest stats from Statista (top of the page), you can see that the annual number of ransomware attacks rose dramatically from 2015 to 2016. We are now seeing a decline in the number of ransomware attacks worldwide, but that doesn’t mean we are less at risk. If anything, organisations are more at risk of falling victim to a ransomware attack than ever before. How? As opposed to 2015/16, where ransomware attacks followed much more of a ‘spray and pray’ strategy, attacks are now highly intelligent, and a lot of planning goes into them. Ransomware attacks often come combined with phishing attacks (if you don’t know what I mean then see our infographic), which require a lot of research and planning on the attacker’s behalf. This means more often than not these attacks go unnoticed until disaster strikes, because of the intelligence behind them.
If you can remember the age of dial-up connections and the dreaded trojan horse, then you will remember that back then cyber criminals would try their best to infiltrate your system, all the while doing everything they could to remain undetected. With ransomware though, the story is very different – once the programme has infected your computer, the cybercriminals cannot wait to tell you. Hopefully, you will never have to see an infection in real life, so here is an example of a very common piece of ransomware called CryptoLocker.
Ransomware can come in many forms though, CryptoLocker being just one. One of the most prolific pieces of ransomware is WannaCry, which caused chaos all over the world last year. Individuals and businesses were hit with the ransomware which infected over 300,000 victims over the course of the weekend. This piece of ransomware also brought down the NHS for a number of days, with appointments cancelled and patients urged not to go to A & E unless absolutely necessary.
Protecting against ransomware
Ransomware can be very scary and a huge potential loss to your business. If your files have been encrypted and are not backed up, they are essentially lost forever – unless you pay the ransom and the attackers do actually stick to their end of the bargain. If you have properly prepared your systems for an attack though, ransomware becomes more of an annoyance as opposed to a crippler. Here are some tips as to how you can ensure your systems are ready.
1) Backing up your data
This is probably the most important thing you can do to protect yourself from the devastating effects of ransomware. In the event of you being infected, having a reliable data back-up really is the biggest saviour. As opposed to feeling like you have no choice but to pay the ransom, you can restore your files and get back to normality the same day, even within the hour if you are using Datto. With no backup, you are quite literally at the mercy of the attackers, with very few options. This may be a good time to say that in some cases if you really need to get your files back and have no backup in place, you will probably be very tempted to pay the ransom. There is not much we can say to discourage you from doing this, but remember this just fuels the criminal activity and encourages more ransomware attacks.
2) Updating software
Ransomware attackers often rely on outdated software which they can then exploit. It is a very good idea to push software updates within your organisation and encourage staff to remove applications which they no longer use – after all it is one less vulnerability.
3) Steer clear of suspicious links and emails
One of the most common ways for ransomware to reach your machine is through a phishing attack, which involves sending you an email from a domain that looks incredibly similar to one you know, maybe your company domain, which contains malicious links or attachments. If you spot an email that you think looks suspicious it is definitely best to avoid it and sound the alarm! If you think something looks suspicious then let your team know. It is not just emails to keep an eye on though – our lovely ransomware friends have recently adopted other methods to infiltrate your devices, most notably through malvertising. This involves the attacker compromising an advertiser’s network through embedding malware into adverts that appear on websites that you trust. The best way to avoid these is to install an ad blocker on your web browser!
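A mail gateway or triage script can check for the look-alike sender domains described above. The following is an added example, not part of the original article; the trusted domain list, the substitution table, the distance threshold and all sample addresses are constructed assumptions to adapt to your own organisation.

```python
from email.utils import parseaddr

# Assumption: the domains your organisation genuinely sends mail from.
TRUSTED = {"example.com", "example.co.uk"}

# Visually confusable sequences, folded to the character they imitate.
FOLDS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]

def skeleton(domain):
    """Fold confusable characters so 'examp1e' compares equal to 'example'."""
    d = domain.lower()
    for fake, real in FOLDS:
        d = d.replace(fake, real)
    return d

def edit_distance(a, b):
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, max_distance=2):
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header value."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "unknown"
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        # Trusted name used as a leading label of someone else's domain.
        if domain.startswith(good + "."):
            return "lookalike"
        # Near miss after folding confusables: typos, swaps, extra letters.
        if edit_distance(skeleton(domain), skeleton(good)) <= max_distance:
            return "lookalike"
    return "unknown"

def flag_lookalikes(from_headers):
    """Return the headers that should be quarantined for human review."""
    return [h for h in from_headers if classify_sender(h) == "lookalike"]
```

A 'lookalike' verdict is a reason to hold the message for review, not proof of phishing; a legitimate domain that happens to sit within the distance threshold of yours will be flagged too.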
4) Unplug from the network
If the above steps have been ignored and you find yourself worrying that you have in fact just come into contact with a malicious link or download, it is best to disconnect from Wi-Fi or unplug from the network straight away. Doing this as quickly as possible means you may be able to stop communication between servers before the ransomware can encrypt all of your files. This certainly does not guarantee that your files will be safe, but there is a chance it could stop the encryption in its tracks. It is better than doing nothing!
To wrap this one up we have four points:
- You can never fully protect yourself from the possibility of a ransomware attack. You can, however, educate your teams on ways to work smarter and safer so that they are ransom-a-ware.
- Back-up is key. Ransomware becomes an annoyance if you have a solid back-up in place. If not it can cripple your business.
- Try not to pay the ransom. Get in touch with your support provider or in-house team straight away. Disconnect from the Wi-Fi and unplug from servers as soon as you can.
- Contact us today to see how our data recovery partners Datto can help you in the fight against ransomware.