Up until recently, most of us had only heard the term “Ransomware” in passing and had little to no first-hand experience with it. Ransomware is menacing individuals, small to large businesses, school districts, and entire governments; and, according to the FBI, ransoms collected via various versions of Ransomware top $1 billion annually.
According to a recent
article by CNNMoney, the
FBI has stated that the use of Ransomware has reached an all-time high. In the
first three months of 2016 alone, cybercriminals have collected $209 million by
extorting businesses and institutions to unlock computer servers. At that rate,
Ransomware will be a $1 billion a year criminal industry this year, with total
losses being even higher once related business costs are factored in.
Criminals aren’t only
targeting large, wealthy, multinational corporations; local organizations such
as schools and hospitals are falling victim as well. CNNMoney reported on a
case of Ransomware being used to target a school district in South Carolina.
Ultimately, the Horry County School District agreed to pay $10,000 to release
the information, calling it a “business decision” that got their systems back
online (excerpt from pymnts.com https://bit.ly/1SaF5pZ).
It’s no longer a matter of if, but when,
you’ll be infected. As bad as an infection will likely be, there are some
procedures and safety measures you can implement now that will help prevent the
worst-case scenario and limit downtime when recovering from an infection.
What Is Ransomware?
First things first, what is Ransomware
exactly? Often referred to as Cryptolocker, Cryptowall, and, more recently,
TeslaCrypt, it is a relatively new form of virus that took the Internet by storm
in 2013. It encrypts or prevents access to files on the infected computer while
simultaneously demanding a ransom within a short time frame or all files will
be destroyed. When it first came on the scene, no one had any idea if they’d
make good on their threats. It didn’t take long for the first round of victims
to learn the hard way and inadvertently solidify the efficacy of Ransomware as
a profit center by spreading the word on social media.
These people desperately tried to remove it but nothing worked. Users tried to remove the encryption file extensions on their files in attempts to access them to no avail; they tried to run virus scans thinking that would do something, but the damage was already done. They reflashed BIOS and installed new hard drives with no success. Traditional viruses install trojans or keyloggers to lie in wait and intercept sensitive information and passwords that they can exploit. Ransomware is far less complicated and much more elegant, needing nothing more than to exploit our collective impatience and lack of common sense in many cases.
Once infected, victims generally have one
of three choices: pay the ransom and hope that your files’ captor will, in an
ironic twist, do the honorable thing and release your files, hope that your
anti-virus provider has developed a method to clean your computer, or scrap the
computer and start over. For those with little computer knowledge or no back-up
plan in place, option one is the path of least resistance but offers no
guarantee that you’ll have your files returned to you as they were or that your
system will be free and clear of any latent malware that could once again infect
you at a later date. Option two offers no comfort for a business that must be
up and running ASAP. This leaves option three, which is the most secure way to
recover. However, it is sure to involve several hours of time from a number of
people and require certain backups to be in place prior to infection.
How Ransomware Infects Systems
It seems that those behind these
infections prefer carefully crafted email messages made to appear to be
legitimate, urgent, and of trustworthy/unquestionable origin. They count on our
inherent online impatience to momentarily disable instincts that would warn us
that something isn’t right in any other situation. There is so much information
about each of us and our businesses that can be used in an email that it’s very
easy to personalize delivery vehicles to deploy the virus so far under the radar that
even the most cautious of us are falling victim. The email may appear to be
from a family member, your bank, a local court or person in the legal
profession, and lately the IRS. The email usually comes with an attachment or
executable file that installs the virus; it’s game over from there. That said,
all is not lost if you take necessary precautions beforehand.
Aside from hoping your anti-virus
provider will protect you, the only fireproof preventative is to back up
everything, all the time, both locally and to a cloud-based service such as
Carbonite. The creators of Ransomware are keenly aware of the fact that people
are lazy and unwilling to properly back up their files and data. They exploit
this and expect you to pay because you have no choice without a carbon copy of
your files somewhere else.
Services such as Carbonite have
specialized teams that can assist you when you fall prey to a virus of this
nature. I know from recent experience at one of my family’s self-storage
facilities. They were able to find the last clean backup and isolate it from
the corrupt files, helping facilitate a transfer once I’d rebuilt a computer,
but I still had to junk the infected computer and start over. Think of it this
way: If you have a clean backup of your files to an air-gapped external hard
drive or cloud-based server, you remove their ability to hold you ransom. So
what are the steps to avoid or prevent Ransomware?
Install a top-tiered anti-virus or cybersecurity program.
Most anti-virus programs come with
anti-ransomware capabilities now for extra protection. Be aware though that
some of these may unintentionally interfere with normal programs but offer the
ability to whitelist safe programs that you need on a daily basis.
Get to know your computer environment.
Make a list of all the necessary software
programs to run your business and keep all install media in a safe place.
Nowadays, many of the programs we use are web-based; others are not and many
can only work in conjunction with other programs. I learned this the hard way. For example, I
built a new computer and put the latest, greatest Microsoft Office on it. Then I
found out that my facility’s gate access software program wasn’t compatible and
required Microsoft Office 2007, so I had to buy an old copy just for that
Record and file all software license keys
in a safe place. We’ve all been stung by this when rebuilding a computer; you
install Office only to realize you don’t have your license key.
Create and employ a comprehensive back-up policy.
Install a top-tiered cloud-based program
such as Carbonite or Mozy-pro and make sure that all of your files and
databases used with your facility operations programs are scheduled for backup.
For extra security, look for a service that uses high-level encryption and
You should create a regular day to
perform manual backups and stick to it. This may add a step or two, but it’s
an important habit to form.
Once a manual backup to a USB drive or
external hard drive is complete, you should physically disconnect it from the
computer and network until your next backup.
Record and file all passwords for all
programs because they’ll be the first thing you’ll want to change once you are
up and running again. If you use Google Chrome or a number of programs designed
to encrypt and store passwords in the cloud, that will usually suffice, but it’s
never a bad idea to have a copy on hand.
Educate yourself and your employees on proper cyber safety.
Nothing is fail-safe and, even with all
the precautions in place, there is no better offense than a good defense. Don’t
open suspiciously worded emails, emails that have a heightened urgency, or
emails from “banks” or financial institutions that don’t regularly communicate
with you or your business via email.
Never give out sensitive personal or
business information over the phone; this includes passwords, social security
numbers, bank accounts, etc. Banks don’t typically call you and ask you to
authenticate your account information over the phone. You’d be amazed at how
creative these perpetrators can be and how skilled they are at extracting
information that they can later use to deploy their virus.
Bottom line: Use common sense. If you
don’t know the sender or feel something just doesn’t seem right, don’t open the
email! Don’t let curiosity overshadow natural skepticism; erring on the side of
caution is always the best bet.
James Appleton is the advertising sales executive for MiniCo Publishing. He also sits on the board of directors of the Arizona Self Storage Association as its Technology & Communications Chair, assists in the management of his family’s self-storage portfolio, and develops websites and performs ongoing SEO consulting through his web design company, Barking Tuna Web Design.