Like other businesses, you have probably implemented software, a firewall and other security systems to protect your business data from being hacked and stolen.
Theft, however, is not the only threat to business data these days. Now there’s ransomware. Ransomware is not designed to steal your data but to extort money. What the cyber-criminals do is lock or encrypt your business data until you pay them a huge ransom to remove the encryption.
One retail business learned its data had been encrypted when its accounting software failed to open. Malware had encrypted the accounting data on a mapped drive on the firm’s server. “The ransom note never popped up on the screen,” the business owner said. “The accounting program just stopped functioning one morning.” When a technical support person looked into the problems, more than 200 copies of a ransom note appeared scattered around the file system, directing the firm to pay $500 in Bitcoin to the criminals.
Between April 2014 and June 2015, the Internet Crime Complaint Center, a partnership between the nonprofit National White Collar Crime Center and the FBI, received 992 complaints about a version of ransomware, Cryptowall, in which victims reported losses of more than $18 million. Some cybersecurity experts estimate that hackers are earning more than $70,000 a month on ransomware. In 2016, it was estimated that on average, ransomware infected 30,000 to 35,000 devices a month.
Ransomware usually starts with an employee opening a single file that unleashes a virus that shuts down the entire system. But ransomware can be activated in a number of ways. These include infected downloads, phishing scams, or opening an email attachment containing malware.
The purpose of ransomware is extorting money. But the tools used for ransomware are no different than those used for traditional hacking. Ransomware is just malware that’s used to gain access to your computer network.
One of the most common tactics for dealing with a ransomware attack is to wipe your entire system, then restore it from a secure backup. This approach allows you to avoid paying any ransom which, in the end, may or may not result in your system and its data being unlocked. After all, who’s going to trust a criminal?
Backing up your system is a good approach for protecting your business data. During the wipe and restoration process, however, the data is still inaccessible, so this could interrupt or virtually shut down your business while the data is being restored. If you are conducting backups on-premises, you should make sure you can recover an image of the data for months in the past and keep multiple copies. Any backups made between the time of infection and when the attack is detected will be encrypted, and thus unrecoverable.
Another good defense against business disruption and employee downtime from ransomware attacks is having an up-to-date, easy-to-access cloud backup for all of your critical business data. With a real-time backup solution, you can quickly restore files and folders after a ransomware attack. Downtime is reduced and employees are back to working quickly.
Unfortunately for the retailer, the infection revealed that the business’s backup program had not been working correctly for more than two years. The company had no choice but to pay. Yet even that did not work. Unable to deal with their mapped drive, the ransomware’s decryption routine failed to unscramble more than 100 of the thousands of encrypted files, leaving financial and customer information encrypted.
Because the ransomware scheme requires trust that the criminals will hand over the data after receiving payment, the operators offered support to the owner, and even offered to try to decrypt the data, if the company sent the files. The business owner declined.
Automatic incremental online backups are a great help, Brian Foster, chief technology officer of network-security firm Damballa, advised. At the very least, businesses should be keeping at least one set of backups offsite. There are many companies offering offsite backups at very affordable rates.
You can avoid ransomware the same way you avoid all viruses and malware.
- Ensure you have a strong firewall.
- Install and run anti-malware tools that update automatically.
- Keep your system and software up to date.
- Educate your employees on how to spot and avoid activities that could lead to infections. These include random downloads and opening attachments from senders that don’t look appropriate.
Many Ideacom Network member companies will help you evaluate your firewall and other network systems to ensure they are as secure as possible from the threat of ransomware.
It’s important to make sure your backups are working and that there is a clean version of your data that can be restored. However, avoiding the ransomware in the first place is your best option.
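One way to check both points, that backups are still being produced and that a clean copy exists from before the infection, is sketched below. This is an added example, not part of the original article: it assumes a hypothetical layout with one folder per backup named by date (YYYY-MM-DD), and it treats files that look like random bytes as encrypted.

```python
import math
import os
from collections import Counter
from datetime import date

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 means the data looks random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def encrypted_ratio(snapshot_dir: str, sample: int = 65536,
                    threshold: float = 7.5) -> float:
    """Fraction of files whose first `sample` bytes look random.
    Heuristic only: compressed archives and media files also score high."""
    total = suspicious = 0
    for root, _dirs, names in os.walk(snapshot_dir):
        for name in names:
            with open(os.path.join(root, name), "rb") as fh:
                head = fh.read(sample)
            total += 1
            suspicious += int(entropy(head) > threshold)
    return suspicious / total if total else 1.0  # empty backup = failed backup

def check_backups(backup_root: str, today: date, max_age_days: int = 1,
                  max_ratio: float = 0.5) -> dict:
    """Report whether backups are current and which one is safe to restore."""
    # Assumption: every folder under backup_root is named YYYY-MM-DD.
    snaps = sorted(d for d in os.listdir(backup_root)
                   if os.path.isdir(os.path.join(backup_root, d)))
    if not snaps:
        return {"stale": True, "newest": None, "restore_from": None}
    newest = snaps[-1]
    stale = (today - date.fromisoformat(newest)).days > max_age_days
    restore_from = None
    for name in reversed(snaps):  # walk back from the newest backup
        if encrypted_ratio(os.path.join(backup_root, name)) <= max_ratio:
            restore_from = name
            break
    return {"stale": stale, "newest": newest, "restore_from": restore_from}
```

A `stale` result of `True` is the situation the retailer discovered too late; `restore_from` names the most recent backup taken before the files were scrambled.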