What the #%$@ is Ransomware and how do I stay protected?

What exactly is Ransomware? And what can I do about it?

Remember that old line from the movie Jaws? “Just when you thought it was safe to go back in the water...”

Unfortunately, that’s the way things are in the world of computer security. Just when we think we’ve seen everything, a so-called Black Hat comes up with a new form of Malware.

The latest, and one of the nastiest, is called Ransomware. In a Ransomware attack, one or more of your computers is infected with a program that encrypts your critical data files. When you go to access them, you’ll see a message that looks something like this:

Your personal files are encrypted

And then you’ll be asked to pay $500 or more to have them unlocked. Here’s a particularly scary example described in NetworkWorld Magazine:

"We are a 250 employee non-profit and we heavily rely on our computer systems in almost everything we do. Yesterday, one of our admin workstations was hit with CryptoWall Version 2.0, and because this workstation had drives mapped to all our servers, and the administrator had permissions, all our seven servers were encrypted and we were dead in the water.

CryptoWall took just 55 minutes to encrypt 75 Gigs of information, and it had penetrated most of our network before we found out what was happening, isolated the workstation and got it disconnected from the network. We had backups of the seven servers but it would take days to restore those, so we opted to find out if we could decrypt the files first.”

In the case above, the company was able to pay the ransom and they got most of their data back. But here’s the problem with paying the ransom (apart from the money):

First of all, the more people pay those ransoms, the more hackers will discover that this is a profitable business, and the attacks will escalate.

The second problem is even worse: even if you get your data back, there’s no guarantee that the infection has been removed from your network. So within a few days, your data could be encrypted again and the whole cycle repeated.

Sounds horrible. So what can you do to protect yourself?

It is horrible. We’ve had to deal with it a few times and it’s not pretty. So here are some important steps you can take to make sure you never have to experience it:

1. The first, and most important, tool in your arsenal is strong network perimeter protection. In other words, you need a powerful firewall; a consumer device that you buy at a “big box” store for $90 just isn’t going to cut it.

2. Effective and current AntiVirus software is also essential. If your AntiVirus subscription has expired or you’re running a basic, free AntiVirus program like Microsoft Security Essentials, you’re putting your computer and your data at risk.

3. Unfortunately, AntiVirus software doesn’t catch everything. You also need an anti-Malware program like Malwarebytes Pro.

4. And finally, you play a critical role in the security equation. Always be careful about opening emails from unknown senders, and never open attachments unless you know exactly what they are. If you have a laptop that you take home, try to avoid letting anyone else (especially children!) play with it. That’s a sure-fire way of importing an infection into your organization.

One final observation: if you’re a Connectability Managed Services client, we include all of the protective software and hardware as part of our agreement. And we back that up by continually monitoring your network for any hint of suspicious activity.