What is ransomware and could it really affect me?
Ransomware is a new-ish trend in malware that is infecting computers around the world. It is basically a computer virus that silently runs on your computer, encrypting all of your data. Once the encryption is complete, you will receive some kind of message notifying you that all of your data has been encrypted using Triple DES encryption, and that to get the decryption code you must email a certain person.
When you email the address, you will normally get a reply asking you to send a large sum of money to a Western Union account within 12 hours. In return they promise to send you the decryption password. If you don't send the money within 12 hours, the ransom normally increases steeply each day.
According to Cisco, businesses in the United States make over 10,000 payments to ransomware organizations every month.
Ransomware often disguises itself as antivirus software or other common software such as maps or games.
Is there a way to decrypt the data without paying the ransom?
In short, it is extremely difficult. In most cases the ransomware uses strong encryption to lock the data, and although in theory all encryption is breakable if you throw enough resources at it, it would likely cost millions of dollars of computing power to find the decryption password.
Should I pay the ransom?
Absolutely NOT!!!! We always advise our customers not to pay the ransom, and in the few cases our engineers have worked on where the customer did pay, the encryption keys were never received. Furthermore, paying the ransom often funds criminal organizations and sometimes even terrorist groups.
Can data be recovered?
It often depends on how long the ransomware has been running, what backups are in place and other factors. Our team of specialists has great success rates in recovering data after ransomware attacks.
What should I do if I am infected with ransomware?
Turn off the computer. Disconnect all power and, if it is a laptop, make sure the battery is removed - this ensures the computer will not be powered back on for updates, etc.
If it is a server that holds the encrypted files, then unless you are certain which computer is running the ransomware, power down all devices attached to the server as well as the server itself.
Review all e-mail logs to make sure you have not emailed the ransomware to anybody. Checking your sent items is not enough; you need to check the server logs, as quite often the e-mail is removed from your sent items by the ransomware. If you have sent the ransomware to anyone, contact them and advise them to take appropriate action. Even if months have gone by, quite often the full damage will not yet have been done.
What techniques can be used to recover from a ransomware attack?
Ideally, data can be restored from a recent backup. You should be very careful to ensure you are not restoring the ransomware itself. If you do not have a backup, or your backup was also encrypted by the ransomware, your options for recovery may be limited. However, another option is to recover deleted data from your hard drive. In many cases our specialists have managed to recover most data using industry-leading recovery tools.
How can you avoid ransomware?
Avoiding ransomware is better than trying to recover from it. Obvious steps to avoid ransomware are to get good antivirus software and run regular full virus scans.
Software restriction policies are great tools for controlling which applications can run on a corporate network. By restricting applications, corporations greatly reduce their attack surface.
Good perimeter systems, such as e-mail security and web security, help restrict what users can download.
Be careful about which files you open. Just because a file is from someone you know does not mean it is trustworthy. Be especially careful of documents with macros, emails with zip files or other archives, and any kind of executable. It is a good idea to give users some training on how to spot security threats.
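The kind of check an e-mail perimeter filter makes for exactly the three risky attachment types named above, added here as a worked example (it is not the page's or the company's own tooling). It parses a constructed message, opens zip attachments to look at what they contain, and flags executables and Office documents that carry a VBA project, which Office Open XML files store as `vbaProject.bin` inside their zip container. The extension lists and the sample message are assumptions constructed for the example.

```python
"""Screen e-mail attachments for macro documents, archives and executables.
Added example; extension sets and sample mail are constructed, not a real policy."""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Assumption: illustrative extension sets, not an exhaustive block list.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta"}
OOXML_EXTS = {".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm"}
LEGACY_OFFICE_EXTS = {".doc", ".xls", ".ppt"}


def ext_of(name: str) -> str:
    """Lower-cased final extension, '' if none (so 'invoice.pdf.js' is '.js')."""
    name = name.lower()
    dot = name.rfind(".")
    return name[dot:] if dot >= 0 else ""


def zip_entries(data: bytes) -> dict[str, bytes]:
    """Member name -> content for a zip payload; empty dict if it is not a readable zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return {n: zf.read(n) for n in zf.namelist()}
    except (zipfile.BadZipFile, RuntimeError):  # RuntimeError: password-protected member
        return {}


def has_ooxml_macro(data: bytes) -> bool:
    """Office Open XML documents are zip containers; a VBA project is stored as vbaProject.bin."""
    return any(n.lower().endswith("vbaproject.bin") for n in zip_entries(data))


def classify(filename: str, data: bytes) -> tuple[str, str]:
    """Return (verdict, reason); verdicts are 'block', 'review' or 'allow'."""
    ext = ext_of(filename)
    if ext in EXECUTABLE_EXTS:
        return "block", f"{filename}: executable attachment"
    if ext in OOXML_EXTS:
        if has_ooxml_macro(data):
            return "block", f"{filename}: Office document contains a VBA macro project"
        return "allow", f"{filename}: Office document without macros"
    if ext in LEGACY_OFFICE_EXTS:
        return "review", f"{filename}: legacy binary Office format, macros not checked here"
    if ext == ".zip":
        members = zip_entries(data)
        if not members:
            return "review", f"{filename}: unreadable or password-protected archive"
        for name, content in members.items():   # recurse so nested zips are inspected too
            verdict, reason = classify(name, content)
            if verdict == "block":
                return "block", f"{filename}: archive contains {reason}"
        return "review", f"{filename}: archive with {len(members)} member(s)"
    return "allow", f"{filename}: no rule matched"


def screen_message(raw: bytes) -> list[tuple[str, str, str]]:
    """Parse a raw RFC 5322 message and classify every attachment in it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "unnamed"
        payload = part.get_payload(decode=True) or b""
        verdict, reason = classify(filename, payload)
        results.append((filename, verdict, reason))
    return results


def build_sample_message() -> bytes:
    """Constructed test mail: a plain PDF, a macro-enabled .docm, and a zip hiding a .js."""
    docm = io.BytesIO()
    with zipfile.ZipFile(docm, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0")  # stand-in bytes, not real VBA
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("readme.txt", "please open the invoice")
        zf.writestr("invoice.pdf.js", "// constructed placeholder, no real script")
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="quote.pdf")
    msg.add_attachment(docm.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename="order.docm")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, verdict, reason in screen_message(build_sample_message()):
        print(f"{verdict:6} {reason}")
```

Run as-is to see the three verdicts for the constructed mail. Note that the filter looks at the final extension rather than the MIME type, because a sender controls both and the double extension `invoice.pdf.js` is the classic disguise; legacy `.doc`/`.xls` files are binary OLE containers, so this example only marks them for review rather than claiming to check them for macros.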
Use a managed I.T. service to help monitor your network.
The probability of a ransomware attack.
The more computers on your network, the more likely you are to be seriously damaged by ransomware. However, small businesses without managed I.T. are often hit harder than large businesses with better defenses. About 30% of small businesses have had some kind of ransomware attack over the last 3 years.