Long gone are the days when viruses simply wanted to deface your website or display a funny message on your screen. Now malicious software attempts to encrypt your key data and demands that a ransom be paid to get it back, usually in the form of Bitcoin (BTC), Western Union transfers or other anonymous payments. This virulent malware is hitting businesses large and small and costing companies millions. The FBI and local law enforcement are overwhelmed with cases and often recommend that the victim pay as their only option for regaining their business.
How to avoid a ransomware infection:
- Always run up-to-date anti-virus from a centralized server that pushes updates to all machines. Don’t trust trial, lite or free versions to keep you safe.
- Make sure your data backups are current and working, and ideally stored on a different server and network than your main IT assets. Test them at least once per year.
- Train, train, train your people. This is the final and best defense against malware infection. Most malware requires an employee to click on a link or attachment to infect a machine. The phishing emails these days are very good at fooling people. Make sure that all employees know never to click on an attachment or link that they weren’t expecting, even from someone they know. And just doing training once isn’t enough. Repetition makes people remember, so plan an IT security awareness class at least once per year.
- Provide extra security for executive and administrative accounts. These accounts are the crown jewels for hackers and should have all the protection on regular user accounts plus longer, more complex password requirements. Do not give out too many administrator privileges, especially to executives who don’t need them. It is for their own protection, as these accounts are often the ones targeted by hackers.
But sometimes, even with your best efforts, ransomware gets in and infects your network and computers. If you are confronted with a message like the one below, don’t panic. Here are some tips to help you survive:
- Immediately disconnect your Internet connection. While it won’t help machines already encrypted, it can stop new infections from spreading.
- Stop any backup routines that are scheduled. If a backup occurs after a malware infection, the backup can become corrupted.
- Evaluate the damage objectively. Do not pay any requested ransoms right away. Are the machines affected critical or can they be replaced easily? Do your backups function properly? If so, you could avoid having to pay. Even if key infrastructure is encrypted, you may still be able to avoid paying the full ransom.
Call or email us. We can:
- Determine the feasibility of restoring encrypted files. Decryption keys and workarounds for some ransomware variants have been discovered.
- Negotiate with the cyber-extortionists. Sometimes a lower ransom can be negotiated. Paying the full amount up front will often elicit a demand for more money from the thieves before you get the decryption keys.
- If you must pay, we can provide access to Bitcoin and other virtual currencies for companies that have a hard time obtaining such currencies themselves due to accounting or regulatory constraints.
- We will investigate and find “patient zero” on your network. We will also work with you to close any holes and make sure that the cyber criminals can’t get in again.
- Your best defense against future infections is staff training. We can provide cybersecurity awareness training to your whole staff, top to bottom, to inoculate you against malware and ransomware for good.