Ransomware – what is it, and how can I defend my business against it?
The latest malware trend is smart, nasty and incredibly dangerous to data-driven businesses like yours.
The news headlines are currently overflowing with horror stories about an all-new form of malware called ‘ransomware’. But what is it, and why are people so worried about it?
What is ransomware?
Malware is typically designed to do one of two things. Some variants are developed to wreak havoc, deleting data from infected machines and causing a general nuisance. The second type is virtually invisible, stealing sensitive data and sending it back to cyber criminals for sale.
Ransomware combines both goals to create a genuinely nasty problem for its victims. At the most basic level, ransomware infects a machine and steadily encrypts all of the files stored on the hard drive, rendering them unreadable. And like other malware variants, it will try to infect other machines on the same network, encrypting files on them too.
As the encryption process progresses, the victim will eventually receive a warning message telling them that their files have been encrypted, and they cannot be recovered without the relevant decryption key. The warning is also accompanied by a demand for money – potentially thousands of pounds – in return for the proper decryption. Chillingly, the victim is given a set number of days to make the necessary payment, or the decryption key will be deleted, leaving the files permanently encrypted.
Because the ransomware uses the latest, strongest encryption routines, there is no way of cracking the key.
How does your business get infected with ransomware?
Like most malware, ransomware typically enters your company network in the form of an email attachment. The virus is usually contained in a macro attached to a Microsoft Word document or Excel spreadsheet, and the recipient will be prompted to open the file as a matter of urgency.
Most worrying for business owners is the fact that traditional antivirus software has proven to be incredibly ineffective at detecting and blocking ransomware. The suspect macro contains nothing malicious itself, but it downloads the ransomware application in the background. Because the file is scanned when it is first opened, there isn’t anything to detect.
This means that the victim has no idea at all that anything is wrong until it is too late.
It’s not just Microsoft Office documents that are at fault either. Other famously compromised software like Adobe Flash, Apple QuickTime for Windows and older versions of the Internet Explorer web browser can all be used to trigger ransomware installations.
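As an added example (not part of the original article), the Python sketch below shows a content-based check a mail gateway could apply to the macro-bearing attachments described above: it flags any Office file that carries a VBA macro project, whatever its file name, without trying to judge whether the macro itself is malicious. The function names and sample attachments are constructed for illustration.

```python
import io
import zipfile

# Signature of the legacy binary Office container (.doc/.xls), which can hold macros.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def classify_attachment(data: bytes) -> str:
    """Classify by content, so renaming .docm to .docx does not change the verdict."""
    if data.startswith(OLE_MAGIC):
        return "legacy-binary"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = [m.lower() for m in zf.namelist()]
    if "[content_types].xml" not in members:
        return "not-office"  # a ZIP archive, but not an Office Open XML package
    # Macro-enabled Word/Excel packages store their VBA project in vbaProject.bin.
    if any(m.endswith("vbaproject.bin") for m in members):
        return "macro-enabled"
    return "no-macro"


def triage(attachments):
    """Map each attachment name to 'quarantine' or 'deliver'."""
    hold = {"macro-enabled", "legacy-binary"}
    return {name: "quarantine" if classify_attachment(data) in hold else "deliver"
            for name, data in attachments}


def make_ooxml(with_macro: bool) -> bytes:
    """Build a minimal constructed Office package in memory (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


# Constructed sample attachments: names and contents are illustrative.
SAMPLES = [
    ("urgent-invoice.docx", make_ooxml(with_macro=True)),   # macro hidden behind .docx
    ("meeting-notes.docx", make_ooxml(with_macro=False)),
    ("old-budget.xls", OLE_MAGIC + b"\x00" * 504),
    ("readme.txt", b"plain text"),
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{verdict:10} {name}")
```

Holding every macro-bearing file for review, rather than scanning the macro for known-bad content, sidesteps the problem that the macro contains nothing malicious at the moment it is scanned.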
How to avoid paying a ransom
So long as your business follows best practice principles and keeps regular backups, you should be able to replace compromised, encrypted files by performing a complete restore. This is frustrating (and potentially slow), but your backup regime has been designed for exactly this kind of situation.
Protecting against ransomware
The best way to deal with ransomware is to shut the routes by which it installs itself – or better still, to prevent it from entering your network at all. There are a few steps you can take to raise your overall level of protection against a ransomware attack:
1. Uninstall insecure software (or at least update it)
Take a close look at the software currently installed on your company PCs – and uninstall anything that isn’t used for work. Do you need Adobe Flash Player, for instance? And what reason is there to keep the now-unsupported Apple QuickTime?
You should also institute a software update program to ensure that security patches and service packs are regularly installed, reducing the risk of applications being compromised.
2. Move to the Cloud
Because Microsoft Office is the route of choice for cybercriminals hoping to breach your defences, you should seriously consider moving to a Cloud-based alternative. Google Docs is invulnerable to ransomware and delivers the vast majority of functions that your employees use in Microsoft Office.
There will be the occasional file type that requires a local application (like Adobe Illustrator for certain image creation tasks), but the majority will not. For everything else, choose a Cloud application.
3. Institute a proper off-site backup
Disaster recovery is nowhere near as sexy as the name suggests – but it could get your business out of trouble should ransomware get past your defences. Remember – unless you pay the criminals for the decryption key, your only other option is to restore the original files from backup.
It is essential that you operate a proper off-site backup regime to keep copies of your data for exactly this kind of emergency. And although tapes and portable hard drives work, it is far easier, more efficient and cheaper to use a backup system that syncs changes automatically to a Cloud service. Not only does it get round the hassle of remembering to change tapes, but your data is protected by enterprise-grade security systems that keep ransomware and hackers out.
Prices for Cloud backup start at just £0.35 per gigabyte too, making it an incredibly good value insurance policy in the event of a local disaster taking your computers offline.
Get some help before the worst happens
Having realised that ransomware is incredibly lucrative, cybercriminals are using these techniques with increasing regularity.
For a business reliant on its data – like yours – there is no time to waste. Putting these practices into place will help dramatically reduce the chances of falling victim to one of these scams.
For help in strengthening your defences – and to guide your employees on how to avoid ransomware – access our free ransomware slide deck.