Surviving A Ransomware Attack
What is Ransomware?
Ransomware is the term used to describe malicious code or applications designed to lock users out of their data and demand money in order to release it. An attack typically encrypts the data in one or more drive folders, making it inaccessible without the necessary encryption key, which the authors demand a bounty for. Worse, the ransomware often leaves a single accessible file or two for the purposes of spreading the infection (on a network drive) and providing instructions on how to contact the hackers and pay money to obtain your data. Some ransomware attacks prevent the computer from booting up and instead display the hacker’s demands.
How can we protect ourselves against ransomware? There are two sides to this, prevention and cure, and as the old saying goes, “prevention is better than cure.” Preventing an attack is easier than having to deal with the aftermath, and here there are some basic rules to follow. These are the same basic anti-virus rules, because ransomware is a type of computer virus. The first means of preventing a ransomware attack, therefore, is to ensure that your antivirus software is properly configured. This means ensuring it is quickly and continuously updated and that it is set to run a full machine virus scan at least once a week, ideally when the computer is otherwise idle so as not to disrupt users.
Another part is to ensure that desktop and server operating systems are kept up to date – don’t ignore those Windows Update notifications! Keeping the operating system up to date ensures that all security patches are applied, which can help prevent system vulnerabilities from being exploited. Again, computers can be set to apply software updates when idle so as not to disrupt the user.
It’s important for businesses to ensure that the router is securely locked down, as a compromised router can potentially grant hackers access to your network. This means navigating to the router address on your network, logging in and changing the settings from there.
The final part of the prevention side of ransomware protection is that of the users: here, it is important that individuals understand their responsibilities, but it is also important that we disallow certain websites and functions that could easily allow a virus to slip through. This means not downloading unexpected attachments including Word documents, Excel sheets and, especially, ZIP files. It’s possible to block most of these messages or websites from opening. Also, users should not click unexpected links in emails. If you weren’t expecting it, don’t touch it!
To summarise: prevention means keeping your antivirus and operating system updated, locking down your router and keeping control of where users browse to and what they click on. However, there is some good news: clients using the BIS IT Maintenance plan benefit from our team taking care of these issues for you! We ensure your virus scans are completed, Windows Updates are pushed to devices, and for Exchange clients, we configure the Trend Micro web and spam filters to keep malicious content away from web pages and emails. We even check your router configuration to keep it safe and secure.
Okay – so despite your best efforts, something snuck by and now you have a ransomware attack on your hands. First things first: BIS does not negotiate with hackers and we don’t believe you should either! The next thing to do is to contain the problem and stop the spread of the virus. This may mean isolating a machine from the network or, if the infection is in a network folder, preventing access to that part of the drive. Look for a cleansing tool online to remove the virus from infected files before you consider recovering your data; otherwise you can simply catch the same infection a second time.
Paying for your data is rewarding their malicious attack on your data. It is better to discourage their activity by recovering your data, but this does not mean attempting to decrypt the files. Instead, we recommend restoring the last known good copy of the data: securely wipe the infected files from the drive and restore from the last known good backup.
Here again, for BIS IT Maintenance clients, the team here will restore your workstation and server data and important files from our verified backups. Our systems regularly back up your computers, including the contents of My Documents, to allow for the information to be restored should the worst happen.
More about BIS IT Maintenance…
Although 2015’s Snapchat photo leak put online security into the headlines, BIS Consultants have been keeping clients’ data and infrastructure safe for a lot longer. If you are worried about online security and would like to know more about BIS IT Maintenance, you can call us on 800-247-9045 or email us at either firstname.lastname@example.org or email@example.com.