ALERT: Please be advised that there is a marked increase in ransomware attacks against businesses nationally. As you may have seen, this issue recently made headline news, with a high-profile attack on Hollywood Presbyterian Medical Center in Los Angeles. A number of police departments around the country have also been targeted.
The Reality of Ransomware
According to Symantec’s 2015 data, the US was one of the top ten countries being attacked, and the volume of both computer locking and data encryption attacks was significantly higher than in any other nation. Estimates indicate that as many as 100,000 new computers are getting hit daily, which is making it impossible for government enforcement agencies to keep up. Hackers are casting very wide nets because in many cases – about half – the victims find it more cost-effective to just pay the ransom and get back to work. In some cases, the FBI has advised businesses to just pay the ransom, saying that the ransomware is “just that good.” As they continue to be funded by collecting ransoms, the ransomware strains – like Cryptowall, Cryptolocker and the newest one named Locky – are becoming increasingly complex and impossible to contain, in addition to being increasingly profitable for the hackers using them. With the prominence of this issue, we have put together a basic overview on what it is and what you can do to avoid becoming a victim.
What is Ransomware?
Ransomware is a type of malicious software (malware) designed to block access to a computer system until a sum of money is paid. In some cases, access to the computer is blocked (Locker ransomware); in other cases, the malware encrypts all of the data on the computer (Crypto ransomware). Basically, your data and/or access to your data gets kidnapped. Hackers will then send instructions on how to pay a ransom demand in order to have access or data restored.
How does it get into my computer or computer network?
Ransomware is typically spread through phishing emails that entice the user to open infected attachments or click on infected links. Hackers are using very sophisticated social engineering tactics, creating a sense of urgency and/or fear around the need to take action (to click a link or open an attachment) NOW. In the tactic known as “drive-by” downloading, users are lured to a compromised website by a phishing email or a simple pop-up window; in this case, just landing on the site is enough to allow the ransomware access. Even if a malicious link is opened on only a single computer within a network, these viruses have the ability to infect not just that computer’s hard drive, but also any external or shared drives to which the computer has access.
What does an attack look like?
It varies, but it’s common for victims to have their computer screen freeze up and get a pop-up message that indicates that some sort of federal law has been violated and that the computer will remain locked until a fine is paid. Other fake warnings include false claims that the system has been used for illegal activities, contains content like pirated media or pornography, or that it runs a non-genuine version of Windows. The goal is always payment, so in some way, shape or form victims will receive a message that coerces payment in exchange for removing the malware.
What can you do if you’ve been hit with ransomware?
For businesses that don’t want to pay the ransom, data recovery from backup is the only restoration method available after a ransomware attack. This highlights just how critical it is to have sound, regular backups running. If you don’t have backup management in place or aren’t sure if your backups are working properly, this should become a top priority. As we have seen with many of these ransomware attacks, businesses that are unable to restore the corrupted data through their most recent backup are being forced to pay the ransom. The hackers facilitating these ransomware attacks have made it fairly easy to pay the ransom, even providing customer service support in some cases. The most common form of payment seems to be Bitcoins, and they provide victims with information on how to purchase and transfer them. Hollywood Presbyterian Medical Center, for example, was forced to pay 40 bitcoins, or about $17,000. The ransom is for the purchase of the key that is needed to decrypt the files that the virus encrypted. Often the hackers will provide victims with a countdown clock to a time when the ransom will double, or when their information will be permanently destroyed.
What can you do to avoid a ransomware attack?
Because ransomware is typically spread through phishing emails, the best defense against it is constant vigilance on the part of all of your end-users. Be suspicious of any unknown links, unsolicited or unexpected attachments in emails, or “too good to be true” offers that tempt users to click now. Also be wary of emails that appear to be from known contacts but where the email formatting is incorrect, the subject or the actual request within the email is suspicious, or you weren’t expecting to receive an attachment from them. Most importantly, always stay in control of where you land on the Internet by avoiding clicking on unsolicited links on websites or in emails. For anyone in a business, we strongly recommend that you circulate this alert to all end-users in your office, reminding them to THINK BEFORE YOU CLICK. Hackers are using very sophisticated social engineering tactics, meaning awareness really is your best defense. Remember that your strongest defense against these ransomware attacks – or any kind of malware or phishing attack – is education and vigilance by your end-users. But your ONLY absolute fail-safe is to just assume that you are going to get hit with it one day and put good data backups in place.
Ready to Talk About a Better Data Backup Solution?
We can help. Because if your idea of a modern, sound backup solution for your business is a weekly tape backup, it’s time to upgrade. Even if you’re just not sure whether or not your nightly backups are actually working, it’s good practice to evaluate the process and ensure that you are protecting your most important business asset – your data.