Ransomware has quickly become one of the biggest threats to small businesses. Small businesses often lack IT resources, so many don’t have a comprehensive network security or data recovery plan in place.
In fact, about two years ago, we were called in to assess an infected network for a brand new customer who had been infected with ransomware. They had been managing their infrastructure internally, and had failed to verify or test their backup solution, which ended up being faulty. They were forced to rebuild much of their financial data from paper over the course of a few months. You can only imagine the kind of financial impact an issue like that can cause, and that is a financial burden many small businesses couldn’t cope with.
So, what can we do? The best way to combat this increasing threat is to understand what it is, where it comes from, and how you can protect yourself.
What is Ransomware?
Ransomware is software designed to restrict access to data or systems until a ransom is paid.
The most common variants are CryptoLocker and CryptoWall.
How do You Become Infected? (The same ways you get other viruses)
- Pop-ups and scripts from malware-infected websites.
- Links or attachments in malicious emails, or even from people you know who have been compromised.
- Fake software downloads.
I’ve Been Infected. What are My Options?
- First of all, don’t ever pay the ransom! There isn’t any guarantee that you’ll get your data back, and you are only fueling the bad guys.
- If you’ve been infected, immediately remove your computer from the network to keep the infection from spreading, and then remove the infection.
- Don’t bother trying to crack the encryption. It would take a computer many lifetimes over before it would ever crack the code, and by then you probably won’t need it.
- Once the infection is removed, restore your data from a backup.
What Measures Can You Take to Protect Your Data?
- Limit web access to work-related sites via a proxy service or through firewall policies.
- Use a multi-pronged approach to secure your computers and network.
- Use a Unified Threat Management device at the head of your network, such as a FortiGate or SonicWall.
- Use anti-virus on all endpoints (servers, workstations, laptops).
- Employ some type of content scanning solution on your email server.
- Make sure your employees know not to open emails and attachments from unknown or unexpected senders.
- Limit users’ ability to install software through the use of network policies.
- Limit access to mapped network drives, as needed.
- Use both an onsite and an offsite backup solution, and make sure you understand your data loss tolerance (how many days of data loss you can endure) and plan accordingly.
- Always test your backups!
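One way to test a backup, shown as an added example that is not part of the original article: restore it to a scratch folder, compare every file against a checksum manifest recorded when the backup was taken, and check the backup's age against your data loss tolerance. The function names, the manifest approach and the use of SHA-256 are assumptions made for illustration.

```python
import hashlib
import time
from pathlib import Path


def sha256_file(path):
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's relative path to its SHA-256. Record this when the
    backup is taken and store it away from the machines being backed up."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest, restored_root, backup_time, max_loss_days, now=None):
    """Check a test restore against the manifest and the loss tolerance.
    backup_time and now are Unix timestamps; max_loss_days is in days."""
    now = time.time() if now is None else now
    restored = build_manifest(restored_root)
    missing = sorted(set(manifest) - set(restored))
    corrupted = sorted(name for name, digest in manifest.items()
                       if name in restored and restored[name] != digest)
    age_days = (now - backup_time) / 86400
    stale = age_days > max_loss_days
    return {"missing": missing, "corrupted": corrupted,
            "age_days": round(age_days, 2), "stale": stale,
            "ok": not (missing or corrupted or stale)}


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample data
        src, rst = Path(tmp, "source"), Path(tmp, "restore")
        src.mkdir(); rst.mkdir()
        (src / "ledger.csv").write_text("invoice,amount\n1001,250\n")
        (src / "payroll.csv").write_text("employee,net\nA,1200\n")
        manifest = build_manifest(src)
        (rst / "ledger.csv").write_text("invoice,amount\n1001,999\n")  # damaged copy
        print(verify_restore(manifest, rst, time.time() - 3 * 86400, max_loss_days=1))
```

A result with `"ok": False` means the backup would not have saved you: files are missing or damaged after restore, or the newest backup is older than the loss you decided you could endure.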
Have you ever been infected with Ransomware? If so, how did it impact you, and how did you recover? Let us know in the comments.