The following post is courtesy of TeamLogic IT, an IT services provider in Fort Myers, FL. The President of TeamLogic IT, Bob Roloff, shares his thoughts on ransomware and what you need to know about it as a business executive. Most importantly, he shares his thoughts on protecting your business from ransomware hacks. Thanks to Bob for this great contribution to our blog!
News headlines regarding the WannaCry ransomware attack and, more recently, the Petya strain bring to light the importance of general security awareness for businesses large and small. Both the WannaCry and Petya ransomware attacks leverage an NSA-revealed Microsoft Windows vulnerability to rapidly infect multiple computers on a compromised network.
What is Ransomware?
Most current variants of ransomware encrypt files that the infected user has edit/write access to and then require a ransom (typically in Bitcoin) to unlock the files. The WannaCry and Petya versions have a worm aspect that allows the malware to infect other computers on the network. This is a new development in ransomware attacks.
What Do I Need to Know as a Business Executive?
It is important to understand the impact of a ransomware attack, as it can be debilitating to your business. Most infections result from a user clicking on an email that contains an executable program that installs the ransomware. If the user that is infected can edit documents on your server, the ransomware will encrypt the files on their computer and your server, making them all unusable. At that point you have two options to recover your data: (1) restore your data from a backup or (2) pay the ransom.
The typical ransom is around $300 but those responsible for initiating ransomware infections are not always so reasonable. One local company we have spoken with (not our client) recently paid over $7,000 to get their files and data back. Internationally, ransoms of up to $1,000,000 have been requested. The attackers are selective with some of the attacks and are aware of the size of the organizations they are attempting to compromise, asking for ransoms that they think the organization might be willing and/or able to pay.
How Do I Protect My Business from Ransomware?
The number of ransomware infections is increasing exponentially each year. Both the WannaCry and Petya versions of ransomware leverage a Microsoft Windows vulnerability to infect multiple computers on a single compromised network. The first line of defense is ensuring your Windows computers have the latest Windows Updates installed. This will help prevent the WannaCry, Petya and subsequent similar strains from infecting multiple computers on a single network.
Staying current on Windows Updates will help limit the impact of some strains, but regardless of the strain, the infected user will still have their files encrypted, and if the user has write access to the files stored on your company server, those files will be encrypted as well. We consistently address the importance of having a reliable and restorable backup solution in place with our clients. One of the most important things you can do to protect your business is to have a reliable backup solution. We recommend regularly monitored onsite and offsite backups to our clients.
Additional preventative measures include implementing an email protection solution along with educating your team members about the risks. A robust email protection solution will help prevent emails that contain ransomware from making it to your users’ inboxes. User education can be structured or unstructured, ranging from ad hoc meetings to organized email campaigns that send emails that mimic malicious emails and provide automated user training when someone clicks on something that could have been malicious.
Finally, we are recommending and implementing a software solution across our client base that protects computers from ransomware attacks. The software is like a typical antivirus solution from the perspective that we install the software on each computer, but that is where most of the similarities end. We are not aware of another solution on the market that will stop ransomware and restore any files that might have been encrypted before the malware was contained. Most of the time users do not even realize they were infected. It is an excellent additional layer of protection for your business.
Closing Thoughts
Ransomware is unfortunately a big business, and the attacks will continue to increase in frequency and complexity as long as it remains profitable for those initiating the campaigns. It is also basically untraceable, so catching those behind them has proven difficult. For most businesses, it is not a matter of if but when they will experience a ransomware infection. Take measures to protect your business now, before it happens.
Bob Roloff is the President of TeamLogic IT, a managed services provider located in Fort Myers, FL. Their team helps businesses remain aware of important trends in security while providing ongoing technology consulting and support services. Bob and his team can be reached at broloff@teamlogicit.com or 239-774-1603.