Cryptolocker ransomware has been in the news recently, with a hospital in the United States forced to pay a ransom of $17,000 to get its data back after being infected with ransomware.
But what is ransomware, what does it do, and what steps can you take to avoid it?
What is ransomware?
Ransomware is a form of extortion that occurs when a virus infects your computer and encrypts your data. You are then sent a note demanding payment of a ‘ransom’ in order to decrypt your data.
Some ransomware is just a con for the particularly gullible, and no files are actually encrypted. However, the more sophisticated versions, such as Cryptolocker, use encryption strong enough that the data cannot be recovered without the key held by the attackers.
How does ransomware infect your computers?
Ransomware viruses usually arrive in infected emails, often targeted at the kind of departments that will automatically open them. For example, company accounts departments are often sent infected emails with “invoice” or “remittance” in the title.
Most users know not to open suspicious emails, but the virus writers are getting more inventive in tempting us to click. Once you get infected, you will see a screen similar to the one below.
Pay up or lose data
If you have been hit by ransomware, and you don’t have a reliable back-up of your data, then you may have little choice but to pay the ransom. It is usually a relatively small amount, typically around £500, which is low enough to make small and medium-sized businesses think it is worth the price to get their valuable data back.
Will you get your data back?
Perversely, the criminals usually do restore the files to their original format if you pay their ransom. It’s quite a lucrative business, so as crazy as it may seem, it’s in their interests to be honest with their “customers” and restore the data. If they did not do this, word would soon get out and people would stop paying.
That said, there is no guarantee that paying the ransom will release your data, and you can’t exactly go to your local trading standards office to complain if you don’t get what you paid for.
A second attack
Even if you do successfully get your data back, your system is far from safe, and the nightmare could be only just beginning. Often, malicious software will not only perform its primary objective, such as a ransomware attack, but will also create gaps in your system security that will allow later attacks to gain access via a backdoor.
The only way to be sure is to purge your system completely and reinstall; however, to do this you need a comprehensive and reliable back-up.
Top tips for avoiding ransomware
Below are some top tips to keep your network safe from ransomware and other virus attacks:
- Ensure your operating system and all software are up to date with all the latest patches downloaded
- Ensure your main antivirus software is up to date and is set to inspect incoming emails. The only antivirus software we are aware of that prevents your files from being encrypted is Trend Micro WFBS Services
- Consider using a second malware scanner or edge security software to protect your systems from threats before they enter your network
- Educate your staff so they know how to spot threats. The most common method of virus delivery is a simple email with an “invoice” attached to it
- Block exe and zip files from entering your network
- If you do get infected, immediately unplug the compromised computer from the network and work out what has been infected
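As an illustration of the email-related tips above (inspect incoming mail, block exe and zip files, watch for “invoice” lures), here is an added Python example; it is not code from this article or from any product it names. The function names, the three verdicts and the sample addresses are assumptions made for the sketch.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".exe", ".zip"}   # file types the tip list says to block
LURE_WORDS = ("invoice", "remittance")  # subject lures the article mentions
EXE_MAGIC = b"MZ"                       # Windows executable file signature


def inspect_message(raw):
    """Return (verdict, reasons) for one raw e-mail message given as bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons, attachments = [], 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        # Normalise the name: case, plus trailing dots/spaces that Windows ignores.
        name = (part.get_filename() or "").strip().lower().rstrip(". ")
        data = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1]   # last extension: "a.pdf.exe" -> ".exe"
        attachments += bool(name)
        if ext in BLOCKED_EXTENSIONS:
            reasons.append(f"blocked type {ext}: {name}")
        elif data.startswith(EXE_MAGIC):
            # Renamed executable. Zip content is not sniffed the same way because
            # Office documents (.docx, .xlsx) are zip containers too.
            reasons.append(f"executable content in {name or 'unnamed part'}")
    if reasons:
        return "quarantine", reasons
    subject = str(msg["Subject"] or "").lower()
    if attachments and any(word in subject for word in LURE_WORDS):
        return "review", [f"lure subject with attachment: {subject}"]
    return "deliver", []


def build_sample(subject, filename, data):
    """Construct a sample message; all addresses and contents are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "accounts@example.com", subject
    m.set_content("Please find the document attached.")
    m.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for sample in [("Invoice 4471", "invoice.pdf.exe", b"MZ\x90\x00"),
                   ("Your invoice", "inv.pdf", b"%PDF-1.4"),
                   ("Lunch", "notes.txt", b"hello")]:
        print(sample[0], "->", inspect_message(build_sample(*sample)))
```

Checking the file content as well as the name catches an executable that has simply been renamed, which an extension-only block list would let through.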
The importance of having a back-up
The best way to avoid the dangers of a ransomware attack, such as Cryptolocker, is to have a reliable and secure back-up of your entire system. This means more than just saving your most recent files to Dropbox, or having an external hard drive.
A full Cloud Back-Up will not only restore any encrypted data, it will also reset your system back to how it was before the attack, removing the risk of secondary ‘backdoor’ attacks. As Rob Stevenson from BackupVault explains:
“We often have companies come to us following a ransomware attack,” he says. “These companies have learned the hard way, and the expensive way, just how important a dependable, professional back-up is.”
“If companies had such back-ups as a matter of course, then these attacks simply wouldn’t work and the ransomware industry would die out. But as long as people leave their valuable data vulnerable, then they invite these criminals to exploit them.”
Don’t risk it
We all take sensible steps to increase our security every day, such as locking our cars and bolting the front door at night. Yet far too many companies don’t take similar simple precautions with their valuable data, even when a loss of data can be devastating to a business, as we discuss elsewhere on this blog.
Cloud back-ups are simple, affordable and in the modern world of online crime, they have become indispensable. So if your data is important to your company, why risk it?