Ransomware: Why Data Backups are Your Best Defense
You sit down at your desk, log on to your computer… and are greeted with a brazen message:
YOUR COMPUTER AND FILES ARE ENCRYPTED. YOU HAVE 96 HOURS TO SUBMIT PAYMENT OR YOUR FILES WILL BE DESTROYED.
Panicked, you frantically search for your files, but they’re locked or have disappeared completely. Your last data backup was done a month ago, so any new files added or changes you’ve made since then are lost. Your heart sinks as you helplessly watch pop-up windows hit your screen, denying you access to documents, spreadsheets and even personal photographs until you pay a hefty fee.
You’re under a ransomware attack.
We’ve all heard about viruses and malware, yet ransomware remains a mystery to many. A report from Kaspersky Lab showed that 43 percent of consumers in the United States and Canada don’t know what ransomware is or how it works, despite the fact that it’s been around for over a decade. And according to ZDNet, ransomware attacks in the United States increased 167 percent in 2016.
We’ve seen several clients directly impacted by ransomware attacks, resulting in lost work time and extra effort (and money) spent on getting their files and systems back. So it’s important to know what ransomware is, how it can affect you, and how robust, reliable and frequent data backups are your best defense.
Ransomware prevents you from using your computer by blocking access to operating systems, encrypting your files or stopping certain applications from running. It then demands that you pay a fee to get your files and programs back.
Ransomware can infect any device that uses the internet, including PCs, laptops, tablets and smartphones. It’s generally spread in the same manner as viruses or other malware—opening contaminated email attachments, visiting questionable websites or clicking on unfamiliar links.
Once on your computer, ransomware moves quickly; a file you worked on just minutes before can suddenly become inaccessible. If you have connections to other computers, or shared storage, files on those devices can also get encrypted by the ransomware on your computer.
There are two main types of ransomware. Lock-screen ransomware displays a full-screen message stating that your computer is locked and requiring payment to unlock it. It completely stops your ability to use your computer in any way. Encrypting ransomware encrypts and locks individual files on your device and demands payment for a key to release them. This type of ransomware is far more difficult to remove.
How do I know if I’ve been hit with ransomware?
The first visible sign of an infection is a message like the one above. You might see multiple pop-up windows or one full-screen display. It can even include an official-looking seal and tell you that you’ve violated the law and will be arrested if you don’t pay their fine.
If you’re able to navigate your system, you’ll often see icons placed on files that have been encrypted; their names/extensions will also likely be changed. You will not be able to open any of them (or you might not see the files at all).
Following the ransom instructions can be expensive. In 2016, Hollywood Presbyterian Medical Center in Los Angeles paid over $16,000 to hackers after ransomware held the hospital’s IT network hostage. With patient information and critical procedures at stake, hospital officials paid the fees to quickly restore operations.
What can I do if I’ve been attacked?
Milder forms of ransomware can sometimes be removed using standard malware/virus procedures or through system and data restoration functions. In many cases, however (and especially with encrypting ransomware), removal is complex and requires the help of a knowledgeable IT professional with ransomware experience.
However, it is not recommended that you pay the fee to regain control of your device and files. There is no guarantee that cybercriminals will provide the decryption key needed to access the files; and since they operate with anonymity, there is no recourse for victims.
How can I keep this from happening?
You can greatly reduce your likelihood of infection by following a few common-sense practices:
- Only visit websites that you know are reputable. That link promoting rapid weight loss in a pill or spilling dirt on a Hollywood celebrity might intrigue you, but it could lead to a compromised website.
- Use good, reputable anti-virus software and ensure it is updated regularly.
- Ensure you are behind a good firewall, preferably one that provides services such as anti-virus, web filtering, and intrusion detection and prevention.
- Never download or open attachments or click links that have been sent to you via email unless you are expecting something.
- If your employees must access servers and workstations remotely, ensure that their passwords are complex and changed regularly. When possible, use two-factor authentication, which requires a second method to verify a user’s identity (for example, a password and a security question).
However, the best method for dealing with ransomware is found in reliable backups of your data (preferably with an off-site component) that are done every day. This way you have uninfected copies of all of your work safely tucked away. If you’re hit with a ransomware attack, your IT provider or staff can follow removal procedures to get rid of the infection and then re-install the backed-up versions of your files and programs.
It’s also crucial to review your backup procedures and make sure you hire a provider that does the job right. Many of our clients who have been affected by ransomware thought they had sufficient backup systems in place, only to realize after an attack that their files were not protected enough.
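One way to review a backup routine against the points above (daily backups, an off-site copy, files that actually restore), shown as an added example that is not part of the original article. The snapshot directory layout, the `manifest.json` file and all function names are assumptions made for illustration.

```python
import hashlib, json, os, tempfile, time
from pathlib import Path

MAX_AGE_HOURS = 24  # the article's "done every day"

def write_snapshot(root, name, files, mtime):
    """Constructed helper: write files plus a manifest.json of their SHA-256 hashes."""
    snap = Path(root) / name
    snap.mkdir(parents=True)
    for rel, data in files.items():
        (snap / rel).write_bytes(data)
    manifest = {rel: hashlib.sha256(data).hexdigest() for rel, data in files.items()}
    (snap / "manifest.json").write_text(json.dumps(manifest))
    os.utime(snap / "manifest.json", (mtime, mtime))  # backdate to the backup time

def audit(local_root, offsite_root, now=None):
    """Return a list of findings; an empty list means the newest backup is restorable."""
    now = now or time.time()
    stamp = lambda snap: (snap / "manifest.json").stat().st_mtime
    snaps = sorted((p for p in Path(local_root).iterdir() if p.is_dir()), key=stamp)
    if not snaps:
        return ["no snapshots found"]
    latest, findings = snaps[-1], []
    age_h = (now - stamp(latest)) / 3600
    if age_h > MAX_AGE_HOURS:
        findings.append(f"latest snapshot {latest.name} is {age_h:.0f}h old")
    manifest = json.loads((latest / "manifest.json").read_text())
    # Re-hash every file in both copies: an encrypted or missing file fails here.
    for label, root in (("local", latest), ("off-site", Path(offsite_root) / latest.name)):
        for rel, digest in manifest.items():
            f = root / rel
            if not f.is_file():
                findings.append(f"{label}: missing {rel}")
            elif hashlib.sha256(f.read_bytes()).hexdigest() != digest:
                findings.append(f"{label}: hash mismatch {rel}")
    return findings

def demo():
    """Constructed data: a healthy backup, an overwritten off-site copy, a month-old backup."""
    with tempfile.TemporaryDirectory() as tmp:
        now = time.time()
        files = {"report.docx": b"quarterly numbers", "photo.jpg": b"constructed sample"}
        local, offsite = Path(tmp) / "local", Path(tmp) / "offsite"
        for root in (local, offsite):
            write_snapshot(root, "snap-0001", files, now - 3600)
        healthy = audit(local, offsite, now)
        (offsite / "snap-0001" / "report.docx").write_bytes(b"overwritten")
        damaged = audit(local, offsite, now)
        stale = audit(local, offsite, now + 30 * 24 * 3600)
    return healthy, damaged, stale

if __name__ == "__main__":
    print(demo())
```

The manifest is only trustworthy if it is stored where the machines being backed up cannot modify it.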
Don’t let your data and systems be taken hostage by a faceless cybercriminal. While there is no guaranteed way to prevent ransomware, you can help protect your devices and your network by following safe and smart web browsing and email practices. You should also assume that you will be infected eventually and have a good backup system for your network and data.