You’ve heard the term thrown around the internet and media, affecting one company or another, a council, or even a hospital. But what is Ransomware?
Ransomware is a type of malicious software that sits in the background of your computer and encrypts your valuable files. This can include:
• Important financial data such as accounts or payroll data
• Sensitive business documentation
• Business/personal photos
“The Ransomware ‘CryptoWall 3’ was responsible for an estimated $325 (£224) million in damages in 2015.”
Once the encryption process completes, your files become inaccessible and a message is displayed on your screen asking you to pay for them to be unlocked.
How do I become infected?
Ransomware is typically spread via phishing emails with links or attachments, or via ‘drive-by download’ websites (websites containing scripts that, when visited, automatically start a download of malicious software).
The 5 stages of Ransomware
Stage 1: Exploitation and Infection
For ransomware to be able to encrypt the contents of a machine, it first needs to be downloaded and triggered. This typically happens via an email containing a malicious attachment or a website that automatically downloads a file to your computer. (Time taken for Stage 1: 0 Seconds)
Stage 2: Delivery and Continuity
At this point the program that actually performs the encryption of files is delivered to the compromised computer. The program then proceeds to ensure it can continue running should it be interrupted by a user logging off. (Time taken for Stage 2: 5 Seconds)
Stage 3: Backup Locations
Now installed, the ransomware both targets and spoils any known local backup files to ensure recovery is not possible via any connected backup means. (Time taken for Stage 3: 10 Seconds)
Stage 4: File Encryption Begins
Once the backup solutions have been taken out of the equation, the Ransomware can communicate with the criminals’ control server and generate keys to encrypt your data. At this point the encryption of your files begins. (Time taken for Stage 4: 2 to 20 minutes)
Stage 5: User Notification
With the encryption of user files now complete, the Ransomware displays a notification on screen and demands payment. (Time taken for Complete Encryption: 22 minutes)
How do I get my data back?
Well, the short answer is off-site backups. Modern-day Ransomware specifically targets common backup strategies. Even though there is an option to pay a ransom, there are no guarantees that your data will be released once you pay. Just like the bad guy in your favourite action movie, he gets his ransom then asks for more (how rude!).
So what do I do?
Well, think about your data.
It’s vital to your business, your staff, clients – all of it. How is it being backed up? Is it even being backed up at all? What would happen if a member of staff inadvertently clicked a link which sent said Ransomware secretly gallivanting across your files making them permanently inaccessible?
Can you afford the downtime?
Ransomware can bring a company to a halt for days whilst data recovery processes are in operation. For example, at the start of 2016 a UK-based council was brought to a halt for a week whilst their IT services recovered from a ransomware-based attack.
“72 percent of companies are unable to access their files for two days, and 32 per cent for five days, or more.”
• Invest in an offsite backup strategy, preferably one with a roll back period allowing you to recover from several days back if needed.
• Invest in an anti-spam solution for an added tier of protection against email threats.
• Review and remove unnecessary permissions from users. If you have access to all data then your user account puts all that data at risk.
• Review and invest in a trusted, reputable antivirus solution.
• Keep your staff members informed on what to watch out for. Phishing emails and malware are constantly evolving, and ultimately these are let into the system by a single user click.
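The offsite backup and roll back advice above can be checked against a backup catalogue. The following is an added example, not Probado's own tooling: it audits the offsite copies only, since Stage 3 spoils connected backups, and picks the restore point to roll back to. The Snapshot record, the 3-day and 24-hour thresholds, the one-hour margin and the sample dates are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Snapshot:
    taken: datetime
    offsite: bool  # False = kept on a disk or share the infected PC can reach

def audit(snapshots, now, min_rollback=timedelta(days=3),
          max_age=timedelta(hours=24)):
    """Findings for the offsite copies only. Local copies are ignored because
    Stage 3 assumes any connected backup has already been spoiled."""
    offsite = sorted(s.taken for s in snapshots if s.offsite and s.taken <= now)
    if not offsite:
        return ["no offsite snapshot: nothing survives Stage 3"]
    findings = []
    if now - offsite[-1] > max_age:
        findings.append(f"newest offsite snapshot is {now - offsite[-1]} old")
    if now - offsite[0] < min_rollback:
        findings.append(f"rollback window is only {now - offsite[0]}")
    return findings

def restore_point(snapshots, detected, margin=timedelta(hours=1)):
    """Newest offsite snapshot taken before (detected - margin), or None.
    The margin (an assumed value) covers the minutes between infection and
    the ransom note, so a copy made during encryption is not chosen."""
    cutoff = detected - margin
    return max((s.taken for s in snapshots if s.offsite and s.taken < cutoff),
               default=None)

# Constructed sample catalogue: offsite copy nightly at 01:00, local at 13:00.
NOW = datetime(2024, 3, 8, 9, 0)
CATALOGUE = [Snapshot(datetime(2024, 3, d, 1, 0), True) for d in range(4, 9)] \
          + [Snapshot(datetime(2024, 3, d, 13, 0), False) for d in range(4, 8)]

if __name__ == "__main__":
    print("audit findings:", audit(CATALOGUE, NOW) or "none")
    # Ransom note seen at 01:20 on 8 March: that night's 01:00 copy is suspect.
    print("restore from:", restore_point(CATALOGUE, datetime(2024, 3, 8, 1, 20)))
```

An empty findings list means the offsite copies are both recent and reach back far enough; a restore point of None means no offsite copy predates the incident.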
If you would like further advice on any aspect of Ransomware please don’t hesitate to contact the Probado Support Team:
Telephone 01484 905103