There has been a lot of news lately on the new digital scourge called Ransomware. And for good reason. NBC News reported in a recent article that Ransomware attacks increased by tenfold in the first three months of 2016 over the entire previous year. This is a real threat. Not only that, these attacks are getting nastier and harder to respond to. This post endeavors to answer two questions briefly that many executives and business owners have probably been asking themselves recently … what is Ransomware? And what can I do to protect my business?
What is Ransomware? Simply put, Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. It can take a few common forms:
Scareware - commonly presented to the user as a pop-up that informs you that your PC is infected with a ridiculous number of viruses. It instructs the user to contact a company and they will "clean" your PC for a fee. These are more annoying than harmful, they don’t tend to destroy data, but they do harass you until you comply or remove the source. They are typically easy to remove by an IT professional and don’t damage data.
Screen lockers - this form of Ransomware will boot into a screen that sometimes has legitimate looking government logos instructing you to call a number and make a payment to unlock your PC. These are also not typically harmful, but will lock you out of your PC until you can get an IT pro to remove its grip from your PC.
Encrypting Ransomware - this is the nasty one you REALLY don’t want to see. The Ransomware starts scrambling all your files so you cannot read them. The ransomware software is the only application that can unscramble them. The user is instructed to contact the cyber-terrorists to make arrangement for a payment. Their promise is that they will instruct their Ransomware attack dog software to unscramble your files after you pay. Many actually do unscramble the files, but there is really no honor among thieves. If you pay once, you will no doubt get hit repeatedly.
How can I protect my business? The great news is that there are a number of things you can do to reduce your exposure to Ransomware attacks. The key is prevention. There is no way, once attacked, you can reverse the effects of the malware apart from paying the terrorists. So, prevention is your best course of action. Here is a list of things that we at Aspire Business Solutions recommend.
Implement and maintain a good quality anti-virus/anti-malware protection software. Remember, you typically get what you pay for, so steer clear of the "free" anti-virus packages unless they are a well-known and reputable brand. As of Windows 8, Windows Defender (previously distributed by Microsoft under the name: Security Essentials) is integrated into the operating system. If you have Windows 8, 8.1 or 10, you are probably protected. If you are running Windows 7, you can download and install Microsoft Security Essentials from the Microsoft website. If you are running Windows XP or earlier, get a new operating system as you are WAY overdue and there is really no way to protect you.
Firewalls. Firewalls are usually a part of most routers. Routers connect your business's local network to the Internet. If your office has more than one PC connected to the Internet, you have a router, and most routers have firewall capabilities. The firewall is your network's gate keeper. You should have an IT professional look at your router and assess the strength of the lock on your front door. A properly setup router/firewall can stop many attacks before they can get started.
Web content filters. Sometimes these are also components of routers, but they can also be separate devices or software services that are connected to or run inside your network server. They have a massive database of sites known to traffic bad stuff and will stop you before you do something you will regret. If you don’t have a web content filter and are suspicious about a URL you have been instructed to visit, the good people at Trend Micro offer a free service (Trend Micro Site Safety Center) that will let you know if the site is "safe" or not. Like the firewall, many attacks get stopped at this point.
Keep Windows and Anti-Malware tools up-to-date at all times. Most of the attacks that are floating around today are not anything that has not been seen before. Most are foiled by updated malware protection. If your operating system and/or malware protection is not up-to-date, it is as if you did not have them at all.
Backups, backups, backups!!! - Right now it is tornado season in Oklahoma and backups are essential for your business surviving those big twisty winds. But, they may also be your salvation if you get attacked by encrypting Ransomware. As indicated before once hit by one of these attacks, there is no fix apart from paying the terrorists. Make sure you have good backups and that a copy of those backups are stored offline. If you keep your only backups connected to the server at all times, there is a good chance the Ransomware will encrypt those as well. Insult, meet injury.
Have an IT service provider (like Aspire Business Solutions) come in a do a cyber security audit. We can assess your Malware attack exposure and offer recommendations and solutions to keep your business reasonably safe.
One last, most important point! Despite all the measures listed above, there is (painfully) one major flaw in all of them. Us. We must be alert to attacks and be smart about what we click on. Humans can override all these protections. This kind of exploit is known as a Social Engineering exploit and is as old as snake oil salesmen. The bad guys thrive on manipulating you. I cannot count the number of people who have come to me over the years with infected machines who clicked on a link sent to them from a "friend" or "family member", only to find out after-the-fact, that those people never sent the message. Become very suspicious of everything you see and question everything. Here are some ways to cover up your cyber tracks and make it harder for Social Engineering types of lures;
Clear your browse files regularly (once a week) - delete cookies especially. Cookies are bits of personal information (favorite authors, brands you buys, etc…) that can be read by websites on the Internet. These can be used against you. Cookies are not the enemy, I don’t recommend blocking them completely, but there is no need to let them build up and provide intel to the would-be terrorists.
Lock down privacy settings on social media accounts. Remember, that if everyone can see info about you, then so can people who are up to no good. Private info can be viewed by friends, but not the public -- or the bad guys.
It is a shameful state of affairs that the probability that your business, or a business that you are acquainted with, will be attacked by a Ransomware extortionist before the end of this year is very likely. The good news is that you can do something now to reduce your exposure and risk. A pound of prevention now may save your business tomorrow. This is a staggering but very real thought.
Click this link to arrange a free one hour consultation to discuss how Aspire Business Solutions can help keep your business safe from all threats.
Links to other resources that were used as sources for this post and contain more detailed explanations.