Edit, March 7, 2016: A little over a week after posting this, the first widespread case of ransomware targeting Macs has been confirmed. The information in this article applies to both Macs and PCs.
You may have heard about the hospital in California that just paid $17,000 to hackers who had infected their computer system with ransomware. Never heard of ransomware? Here is what it is, why it exists and some ways to help prevent it from happening to your business, or mitigate it if it does occur.
What is ransomware?
As we’ve previously talked about, ransomware is a type of malware that encrypts or locks the files on your computer. It then offers to give you the ability to decrypt, or unlock, them if you pay the ransom the hackers demand. Sometimes they only give you a certain number of hours to pay before you can no longer recover your data, just to add extra urgency to the situation. This type of malware is often transmitted via Office documents like Word or Excel, but you can also pick it up by simply clicking on the wrong link. Payment is most often required in Bitcoin, as it is considered untraceable.
The good news is that most types of ransomware are not self-propagating on a network. This means that if you click on the wrong link or download the wrong file you will only infect your computer and it won’t spread to every other computer on the network. The bad news is that it will encrypt any file it can access. This means it will encrypt any files you have stored on any attached devices such as external hard drives or USB thumb drives, as well as any network shares or anything else it can find. So all the files that you have on a server might get encrypted even if the server itself is never infected. However, some types of ransomware WILL infect every computer on a network and thus encrypt everything.
Why would someone do this?
The main motivator here is simple: Money. It has been reported that the makers of one form of ransomware (Cryptowall 3) made $325 MILLION from their virus. As you can see, this is big business. As a matter of fact, ransomware attacks are increasing as more and more types of ransomware become available for use. Even the FBI often advises people to pay the ransom if they don’t have any backup of the data.
Some more good news: since this is business, if you pay the ransom you will generally get the tools needed to unlock your data. Of course, there is no guarantee that you won’t be infected again. The price to unlock your data can vary widely from around $400 to tens of thousands or more. It is hard to get precise numbers on this, unless a company is forced to report it for compliance reasons, but it is estimated that 44% of victims pay the ransom.
I’m not a target, right?
You may be thinking that you aren’t a target for this. You could not be further from the truth. These people don’t care if they get a single person or a huge corporation. All are targets to them. It is safer to assume that it is only a matter of time before you are hit with ransomware, and to plan accordingly. Below is a list of things that you should be doing in order to help prevent an infection or mitigate the damage if one occurs.
As we’ve previously discussed, every computer should be running one, and only one, good quality anti-virus/anti-malware program. This will not make you bulletproof, especially when it comes to brand new malware, but this should be considered your primary method of defense against malware. Good AV is not expensive, so go and get some, or call us, now.
If you are not already doing so, you need to be backing up your data. This is something else we’ve already talked about, but it is THE most important thing you could be doing for your data. If you have a good backup then you don’t have to pay the ransom; you just clean the system and restore from your backup. You need to be backing up to a cloud-based provider at the very least, and it would be better if you were backing up to a local system as well. If all you are backing up to is a local device on your network, then it is likely that it will get compromised in the event of a ransomware infection.
You can get cloud-based file level backup for less than a drink at Starbucks. This may not be all the backup you need, but it is a far sight better than nothing.
Spam and virus filtering on your email
If you are a business, your email provider should have a high quality spam filter that it sends your email through. Ideally it would also have a virus scanner, for an extra layer of security.
Employee Access Control
If an employee does not need to access a share or resource, then make sure they don’t have access to it. Since ransomware encrypts everything the infected user’s account can reach, this will help to limit the spread of the damage.
A Next-Generation Firewall
Next-Gen or Unified Threat Management (UTM) firewalls will generally have the ability to run virus scanning on incoming traffic BEFORE it gets to a computer. This is another layer in your security posture. While these devices can be pretty pricey for a small business, there are some very tangible benefits to them and they should be seriously considered.
The True Cost of an Infection
When determining the true cost of the infection, the ransom is generally the least expensive part of it. The hospital that we told you about at the beginning: their computer network was down for over a week. They had to send some patients to other hospitals as some of their devices simply will not work without a computer. For the patients they were able to attend to, they had to go back to pen and paper, and could not access any of their medical history that was stored only on computer. Then there is the cost of the IT support to clean it up and get things going again, in addition to the wages that you have to pay for people while they can’t work.
What is even more fun is that it is actually quite difficult to buy a Bitcoin if you are in the United States. Going through reputable sites it can take almost a full week to get a single Bitcoin. There are some faster ways to do this transaction but they are a little, or a lot, questionable. So, it is possible that even if you want to pay the ransom, you may not be able to if there is a time limit on the malware that infects you. Would your business survive if everything on your computers was taken away in one moment?
Our intent here is not to scare you, but to educate you so you will be aware of the dangers. Ransomware is something that is out there and it can infect anyone, not just big companies. You need to be ready for it, should it happen to you.
If you feel that you need any assistance with this, please contact us and let us know. It is better to contact us BEFORE you get infected than afterwards.