Escaping the trap: Ransomware, what it is and how to prevent it
By Jim Mitchell, Technical Consultant at Planit Canada
It is a Tuesday morning as you walk into the office to find your entire system has been compromised. Files corrupted, machines down and a concise message on how you can retrieve your data by submitting a payment to some random address – you have just been hit by Ransomware.
A nightmare still lingering for those that have faced its wrath and an urban legend for those who have only heard its tale – but one thing is certain, there is no prince or fairy dust at the end of it and the cost of an extensive recovery can be astronomical.
At Planit Canada, our customers are our number one focus. Through this article we hope to shed some light on what Ransomware is, what it does and why you should know about it, while outlining the importance of some standard IT practices you could begin implementing today.
What is Ransomware?
Ransomware is a type of malware that typically encrypts user data in order to hold it for ransom, often as a basis for further forms of extortion. The encryption locks files using complex algorithms that are virtually impossible to unlock without the key. In addition, Ransomware is becoming increasingly sophisticated, combining various attack vectors in large campaigns that broaden its reach, and it can spread to other systems.
Unfortunately, a common misconception about security is that there is no need to worry about cyber-attacks if you do not carry sensitive information or have resources of interest. We must keep in mind that most cyber-crimes start with large-scale social engineering campaigns, searches for vulnerable systems, or information from other data breaches such as email addresses and username and password combinations.
How do I protect against it?
It is important to provide awareness and training so that users understand the severity of Ransomware and their part in avoiding it.
Here are some general security basics:
• Inspect the sender of files, messages and links. Do not open files or links from unknown senders. Something seems off with a response from Bob in finance? Avoid that link he just sent and reach out to him directly to confirm its legitimacy. Phishing attempts are often carefully crafted to impersonate a person or entity.
• Change passwords often and avoid reusing passwords. Passphrases are in, and password managers help, especially when combined with additional authentication methods such as multi-factor authentication.
• Keep up on software updates for Windows and antivirus.
• Never use unknown external hard drives or plug in USBs from unknown sources.
• Keep adequate backups.
What to do in the event of an attack?
If your system has been compromised by ransomware, your first step should be to identify and contain the infected system(s), including any attached storage media, and remove them from network resources, both wired and wireless, but do not turn them off. Let others know of the situation.
Your next step should be finding a professional specializing in disaster recovery, as this will improve the likelihood of recovering data. Without adequate backups, recovery requires a trained professional who can identify the infection type and attempt to recover data. All infected systems should be reimaged, which means resetting the Operating System of your PC, and a technical investigation should take place to determine if any other systems were affected.
Should I ever consider paying Ransoms?
Paying is a very difficult thing to recommend, as you will never be certain of receiving anything following payment. While pressures are high, resources are better spent on containment and recovery than on empty promises.
In conclusion, adopting standard IT practices in your business, big or small, will not only benefit your day-to-day workflow, but will also protect you against security threats as they develop. As a refresher, these practices include user training and awareness, keeping up on updates, decommissioning old unsupported hardware/software, and backups. Hiring a reputable IT consultant can also be an asset to your business in ensuring that systems are in place and have proper care.