Ransomware, and how to protect your business.
Ransomware is computer malware that, once it gets on your computer, encrypts your files and then, once the damage has been done, demands a ransom for their release.
In the last 12 months 28 NHS Trusts and 23 universities said they had been affected. Unfortunately, only a fraction of businesses that are hit by this form of malware will actually report it and it is very hard to say how big the problem actually is. What we can say is that the hackers are now targeting people that are more likely to pay the ransom. Small businesses are particularly vulnerable as they have limited IT staff.
The most common delivery method for the malware is via email and it is typically disguised as shipping / delivery notifications from delivery companies. These emails are very well put together and it is difficult to spot them as fraudulent.
Once the malware has infected your machine it will start to encrypt your files immediately. It will also look for shared folders on your network and, once it finds them, it will start encrypting those files too. It can find USB flash drives that are plugged in and also external hard drives. In short, if you are unlucky enough to be hit by this malware it will find anything that is attached to your PC and encrypt the data on it.
While it isn’t possible to guarantee that your business won’t be hit by this there are a few steps that can be taken to help mitigate the damage.
- Offline backups. If you have up-to-date, non-encrypted backups you have the ability to restore your files without paying the ransom.
- User education. As mentioned, the most common way in is for the malware to appear in your email inbox as an attachment. Employees need to be very aware that an email may not be from a legitimate source.
- Keep your operating system up to date. Windows updates are frequently released to patch security vulnerabilities. Keeping your software up to date minimizes the chances of your PC being vulnerable.
Within the IT world there is a saying that “If it doesn’t exist in 3 different places then it doesn’t exist.”
We can expand that by using the 3-2-1 idea.
For your most important data there should be 3 copies on 2 different types of media with one at a different location.
Let’s use Sage as an example. Every time you close the Sage software it asks you if you want to do a backup. 99% of users click no but 1% will click yes and that’s great. Sage then does its thing and performs a backup to wherever you told it to save it to. This is typically a hard drive on your PC, either internal or external.
At this point you have 2 copies of your Sage data: one that the program uses and the backup that you have just done. You could then copy that backup to another USB drive and then you would have your 3 copies on 2 different types of media. Where this falls down is that 2 of the copies are held on the same machine, and if the USB drive is left plugged in the ransomware will find it and encrypt it.
The safest plan here would be to save the backup to a USB drive and, once it has completed, remove the drive and lock it in your drawer/safe, and then have a cloud backup run overnight to take the third copy of the data to a separate location.
In this scenario we then have 2 chances to get your data back. The first is the USB drive that you locked in your drawer; if for some reason that doesn’t work, we download the backup from last night and restore it to the PC. Most IT professionals feel better if they have at least 2 copies of data to hand in case anything goes wrong, but there is a further complication that needs to be considered here.
What happens if your data gets encrypted and then your cloud backup software uploads it to the cloud?
A good cloud backup provider will allow you to keep the last 10 or so versions of your files safely and securely locked away on their servers in case something like this happens.
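The 3-2-1 rule and the two caveats above (a drive left plugged in, and a cloud backup that uploads encrypted files) written as a small Python check. This is an added example, not part of the original article; the `Copy` fields, function names and both inventories are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Copy:
    name: str
    media: str         # e.g. "internal-disk", "usb", "cloud"
    site: str          # where the copy physically lives
    reachable: bool    # can software on the PC write to it (plugged in, shared, synced)?
    versions: int = 1  # how many versions of each file the store keeps

def survivors(copies):
    """Copies still usable after the PC is infected: either the malware cannot
    reach them, or the store keeps earlier versions to roll back to."""
    return [c.name for c in copies if not c.reachable or c.versions > 1]

def check_321(copies):
    """Return a list of problems; an empty list means the plan holds up."""
    problems = []
    if len(copies) < 3:
        problems.append("fewer than 3 copies")
    if len({c.media for c in copies}) < 2:
        problems.append("fewer than 2 types of media")
    if len({c.site for c in copies}) < 2:
        problems.append("no copy at a different location")
    if not survivors(copies):
        problems.append("no copy survives an infection of the PC")
    return problems

# Constructed inventories modelled on the article's Sage example.
USB_LEFT_PLUGGED_IN = [
    Copy("live Sage data", "internal-disk", "office", reachable=True),
    Copy("Sage backup", "internal-disk", "office", reachable=True),
    Copy("USB copy", "usb", "office", reachable=True),
]
USB_LOCKED_AWAY_PLUS_CLOUD = [
    Copy("live Sage data", "internal-disk", "office", reachable=True),
    Copy("USB copy", "usb", "office", reachable=False),
    Copy("cloud backup", "cloud", "provider", reachable=True, versions=10),
]

if __name__ == "__main__":
    for label, plan in [("USB left plugged in", USB_LEFT_PLUGGED_IN),
                        ("USB locked away + cloud", USB_LOCKED_AWAY_PLUS_CLOUD)]:
        print(label, "->", check_321(plan) or "OK", "| restorable from:", survivors(plan))
```

The first inventory counts 3 copies on 2 media types yet still fails, because every copy is in one place and within reach of the infected PC.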
If your backup system is in place and working then the only thing that a ransomware attack will cost you is the time it takes to quarantine the infected machine, clean it and restore the damaged data.
If you would like any help or advice with ransomware or any other IT matter please feel free to give Computer World in Colwyn Bay a call on 01492 534141.
Article by Chris Thorpe – Computer World Colwyn Bay