Skull on a screen as the header image

How many of us have heard the term ransomware and thought – That will not happen to my company or me until it does. What exactly is ransomware, what can you do to avoid it, and what to do if you are affected?

What is Ransomware?

Explaining what Ransomware isAs its name suggests, it is a software that locks your pc/server and holds it ransom for payment. Think back to the NHS in England that was recently affected, the increase in the IoT is also making many manufactures worried and increasing investment in protecting it from ransomware.

Another vulnerable point of entry into the company’s network is the workers themselves. The education of users about the dangers of looking at NSFW websites cannot be overemphasized, and this is generally the route for many would-be exploiters to drop off the little trojan program.

What most people don’t realize is that this is not an immediate attack – just as the name suggests, the port of entry is a Trojan Horse program, and just like the ancient Greek legend, it was named after its real intent is only felt much later on.

Do you remember the good old days of “Choose your own adventure” books? You would read a couple of pages, and then a critical decision point was reached, and you as the protagonist would have to make a choice – and then subsequently turn to the corresponding page to see what the outcome of your choice was.

Well, like you would place a marker on the choice page to prevent having to re-read the entire adventure up to the wrong choice. The same reasoning can be placed on a few things that we are afraid to lose – game progress on any RPG game, or in the context of this article, essential documents, and files, we call it a back up.

Types of Backup:

Old School Way of Backing Up
There are several ways to go about backing up your data – it all depends on your unique environment – for instance if you have many excel documents that you don’t want to redo, copy them to a USB stick might suffice. However, we are focusing on the more prominent companies that are more than likely running a few databases.

Automated backups to a tape drive, which is then stored off-site, are generally the way most companies have followed. There is, however, another route and one that is very cost-effective – It is the cloud.

The reluctance to move over to a cloud-based system was generally based on perceived data costs as well as slow transfer rate – thereby negating the benefits of an offline system – those issues have not only been enhanced they have also added many extra features which makes going to the cloud a necessity to consider.

The cloud storage systems on offer from several vendors provide a viable alternative to the old way of doing things – especially considering the expanded rollout of fiber to many areas.

The off-site cloud storage solution affords businesses of all sizes the luxury of having their data available in a secure environment with climate control, fire suppression systems, and enterprise-level data security, all for a lower cost than the traditional off-site storage of a physical drive.

The other benefit of considering cloud storage is the redundancy. What I am referring to is the lack of spending by business in ensuring that the IT department has the technology that they need to perform the normal functions – this usually results in so-called ‘Non-essential’ systems being last to be upgraded. You end up with a Magneto-Optical Drive as your backup running on the 1998 Backup Exec software package. If you have not yet explored the world of remote data storage onto a cloud platform – WHY ARE YOU STILL READING THIS? DO IT NOW!

So, a backup will solve all my issues?

Well, it all depends on what the state of your virus protection is. What are you using Windows Defender….are you serious?!?

Keeping in mind the adage “You get what you pay for” is also true with regards to the protection systems included in the operating system. Ask yourself, did you pay extra for that software? Then can you expect anything worthwhile from it?

There are a few excellent virus protection packages out there, and we strongly encourage you to look at the one that suits your needs and wallet.

One of the best out there in terms of ease of setup and running smoothly in the background is ESET – we are in no ways endorsed by them or receiving any kickback – they have a great product that runs with no fuss. That is the problem with them – you cannot directly go back to yesterday’s backup; The program was more than likely installed weeks ago.

What do you remember about castles? What made them so hard to capture? Yes, they had multiple defenses – A high wall, a moat, a drawbridge, and so on. The same approach needs to be taken concerning any system exposed to the internet. You will be attacked – it is a matter of when not if.

We are not trying to scare you and make you think that the internet is not worth exposing your business, too – there are so many reasons why your business should be on the internet, and it is a safe place if you make your environment safe by taking a few necessary steps.

I have Ransomware – Now what?

Many companies who have been exploited via ransomware are faced with two choices:

  1. Choice 1: Pay and Pray – There is no guarantee that you will get your data back, and the exploit that enabled them to hold you ransom is still there!!
  2. Choice 2: Take the well-publicized stance of the American’s and reply to the would-be extortioner “We don’t deal with terrorists” and then lose your data from the time you were infected.

Prepare For RansomwareThat is the definition of being in a rock and a hard place. Some online programs will scan the suspected computer for any ransomware and remove it. There is, however, no guarantee that these programs will restore access to your data.

Dealing with the reality that your data will no longer be there – only you can determine what the cost of doing that work is worth – so can you afford to lose that drive of drawings that took hours? Or what about the accounting program that is no longer available – do you have hard copies of all the invoices you made in the last few months?

As more and more companies expand into a paperless society and rely more on computer systems to handle their business needs, the increase of attacks will also take place. Remember to the exploiters and hackers – this is their business, and usually, they are exceptionally good at their job.

Plan of Action

  • Review the backup process currently in use – if there isn’t one, implement one, and TEST IT! Remember, never assume as you make an ass out of “u” and me!
  • Review Anti-Virus and Malware software installed on ANY computer that connects to the internet – Ensure that it is up to date.
  • Educate your staff on the dangers of clicking on any suspicious-looking emails or NSFW websites – Ask your IT guy/company to install a firewall to prevent access to those sites.
  • Review your password policy – It’s always a good idea to change your passwords every 14 days.

If you have been affected by ransomware and cannot afford to lose all your data, the choices you have are limited; however, use it as a way to learn and prevent this from happening again. If you have not been affected by ransomware – use this opportunity to chat with your IT service provider and express your worries and concerns. As a minimum, use the plan of action as a template to ensure that you limit the risks attached to getting infected in the first place. With a structured, well thought out plan of action, you can rest easy at night knowing that you will not be one of those affected by ransomware.