It’s a sunny summer morning and you arrive at the office with an iced latte and ready to work. You login to your computer and notice a strange file on the computer. You open the file and read “Your files are encrypted, and currently unavailable. You can check it.” What’s going on here? Some kind of practical joke? Nope. Your computer is infected with ransomware. Ransomware is malware that encrypts your files. The files on your computer, and possibly files on all the systems in your business, are encrypted and no one can access them. Word, Excel, databases, PDFs, everything.
When a computer is infected with ransomware the program encrypts files on the computer making them inaccessible. A ransom note will be found in folders on the computer with instructions paying the ransom in return for YOUR data. Payments are made in cryptocurrency which is impossible to track once the payment is made.
In a new, evil twist, the criminal spends several days or weeks, on your network getting to know your computers and systems. They move around the network planting bits of code on computers while copying your data to remote systems the crook controls. This exfiltration of data allows the hacker to extort the victim a second time. Now business have to pay for the data and to prevent the publishing of business data, personally identifiable information like social security numbers, bank account information of their employees or customers. Data can be posted to the dark web where cybercriminals operate in relative anonymity.
Recent demands from hackers have increased dramatically. Its common ransom demands of hundreds of thousands or even millions of dollars. American business paid a $2.3 million ransom when threatened with the release of information. If payment is not made quickly the ransom payment goes up.
5 Steps to Take Now to Combat Ransomware:
- Secure Remote Access
Review remote access to your business computers particularly Microsoft’s Remote Desktop Protocol (RDP). Having your systems accessible via the Internet is a primary attack vector used by many attacks. RDP was an entry point in 60% of attacks in the 1st quarter of 2019. - Use a Reputable Antivirus and Keep Software Up to Date
Install antivirus software on all computers, both Windows and Mac. - Security Awareness Training
Create a human firewall to malicious applications. Subscribe to a security awareness program and require everyone to participate. - Never Open Untrusted Email Attachments
If you don’t recognize the sender don’t open the attachment. It’s very unlikely you are receiving a fax or an email from a system you haven’t received a message from before. - Keep Operating Systems and Apps Up to Date
Microsoft and other software vendors are releasing security fixes on a regular basis. Keep your systems up to date.
One more crucial step you must always take: Backup your data offsite and test frequently.
If your systems are encrypted (or encounter drive failure or are lost due to any number events) you will need a good backup to recover your data. Know where your important data is stored and ensure it is backed up frequently. Multiple copies of your backups need to be stored externally and a cloud-based service may be your best option. Make a recurring task to regularly check if backups completing successfully and conduct test restores to verify the backup.
Neal Wankoff is the President of Prairie IT Services Corp. of Oak Park, Illinois. Prairie IT Services assists small and medium businesses throughout the Chicago area. For information on how Prairie IT Services Corp. can help your business call 773-313-9009 or visit https://www.prairieits.com.
