What is Ransomware?
Imagine you left for a vacation and upon your return home, you find out that all your locks have been changed and there is a note on the door saying to pay $300 to get the key. You look in through the locked windows, everything is there…but you can’t get in. This is basically the situation some companies face, finding out that their precious data has been locked up by criminals asking for money in exchange for the key.
What is Ransomware? Just as the name denotes, a ransom is demanded when something is taken hostage: in this case, all your documents, spreadsheets & images.
The current threat is Cryptolocker (surfaced in September 2013), which can slip by your anti-virus solution and start encrypting your files using a two-key system, in which the criminals keep one key and will only give it to you if you pay up. They give you 72 hours to pay or they will delete the second key. Currently, we have seen either $300 or $400 as the ransom price.
What does it do?
The Trojan will install itself and scan your computer, USB attached storage, cloud drives (e.g. Dropbox) and network drives to start encrypting those files. Only when the job is done do you get a big red pop-up letting you know what is going on. The infection is fairly simple to remove, but the encryption it performs cannot be reversed without that second key that they hold hostage.
How can you get Cryptolocker?
You can inadvertently install the Trojan via a zipped attachment containing what seems to be a PDF from a reputable company (UPS, FedEx, Xerox, etc.). You can also get infected via a hacked website which will take advantage of outdated plug-ins. If you are still using XP, you are no longer protected against any new vulnerabilities and the risk is much greater.
How can you protect yourself?
Although an anti-virus solution is not a guarantee against the cat-and-mouse variations of this Trojan, a good paid anti-virus solution is recommended and will help reduce the risk of this and a myriad of other attacks.
If you are on a Domain, a set of rules can be put in place to block the behavior of this Trojan.
Do I pay the ransom?
Unfortunately, for some, paying the ransom might be the ONLY way they can get their data back if a valid and current backup does not adequately protect them. Giving money to criminals is something to be avoided if at all possible, and there are no guarantees that it will work. One can easily restore the unencrypted files from a backup and reverse the effect of the virus. The only loss would be documents created or modified since the last valid backup. If the Trojan has been running for a day or more, you might have to go back a few days, so a loss of productivity is the issue.
Choosing the right backup strategy
We used to have a backup conversation with clients, but as we rely more and more on technology and our precious data, we are now moving to a conversation about business continuity. Here are the questions you need to ask yourself:
· How damaging would it be if my data was suddenly gone?
· How long can I afford to be without my data?
· How much data am I willing to lose between valid backups?
· If my server had a hardware failure, how long is my business going to be without it?
· Has my current backup been validated with recovery tests?
We are committed to protecting your precious data. Not only do we offer a secure offsite Cloud Backup Solution that would allow you to recover your files from an offsite location, we also offer solutions where we can recover a whole server to a temporary location within a matter of hours, based on 15-minute snapshots.
There are only two types of people: Those who have lost data, and those who will! Let us have a conversation about your backup strategy so that when you need to recover some or all of your data, you can sleep well at night knowing the loss will be minimal or non-existent.
Call us today and have the confidence to say to the Cryptolocker criminals: No – I will not pay!
If you would like to get some useful links to prevention tips on the topic, please complete the contact form at http://varofficesuite.com/contact.php and make the request in the comment section.