What You Need to Know About Ransomware
We don’t like to think about malware, viruses, and all the ways they can damage systems. The data loss, downtime, and cost can be painful. But we can’t just ignore the threat and hope it doesn’t happen. Everyone, big or small, is a target of ransomware, one of the nastiest kinds of malware.
Ransomware presents you with the choice of losing valuable data or paying to get it back. Worse yet, it may steal that data and keep a copy even if you pay. You need to protect your systems against it and know what to do if it hits.
How ransomware works
File encryption is a very useful thing. You can encrypt a file with a key that only you know. If someone grabs a copy of the encrypted file, it doesn’t help them. As long as they don’t have the key, it’s a collection of meaningless bits.
Ransomware turns the tables on you. It encrypts your files with a key that only the attacker knows and removes the original. The encrypted file is useless to you, since you don’t know how to recover it. After ransomware does its work, it displays a pop-up message on your screen, telling you what it’s done and what you need to do.
To get your files back, you have to pay a ransom. The message will tell you to pay in Bitcoin, because it lets the criminal collect the payment anonymously. If you’ve never used Bitcoin before, it will take time to figure out how to set up a “wallet,” as a Bitcoin repository is known, and put money into it.
Any kind of files can be affected. Images, documentation, spreadsheets, databases, anything. Some ransomware goes after anything it can reach. Other varieties try to find the most valuable files, like business records, and encrypt them before you can notice what’s happening.
Meanwhile, the ransomware is most likely trying to spread through the rest of your network and encrypt more files. The message often will contain warnings to make you nervous. It will say that the ransom will go up if you don’t pay right away, or that it will encrypt more files.
There is ransomware for all kinds of systems. Windows computers, Macs, Linux servers, and even smartphones can be hit.
There’s no guarantee that payment will get your files back. When you deal with crooks, you can’t count on their honesty. In the worst case, the loss of critical data could destroy your business. Even if you get your files back, the downtime can cause serious damage.
Don’t be caught defenseless
If ransomware hits you, you don’t always face the choice of paying or losing. Some kinds of ransomware have been cracked, and a security specialist can get your files back without your having to pay the extortionist.
Some ransomware is really just “scareware.” It locks up your computer and claims to have encrypted your files, but it hasn’t done any permanent harm. If you get a ransomware message, look a little deeper before doing anything drastic.
The best protection is an up-to-date backup. If you have backups that the ransomware can’t touch, then you just need to clean the infection off your system and replace the encrypted files with the good copies. The safest way to do this is to have an offsite backup which the ransomware can’t get at.
When ransomware hits your system
Paying the ransom may not help. Some ransomware operators are “honest” in their own way because they want to keep up their reputation. Others may already have been shut down or may lack the technical skills to restore your files. A lot of ransomware operators just buy a kit and start going after targets. They often have no idea what they’re doing.
Once ransomware gets into your network, it’s likely to hit more than one machine. It will try to propagate itself from one system to another, hitting as many as possible. It will go after backup systems so that you can’t avoid paying by restoring the files. This is why at least one of your backups should be offsite.
You could get hit by other, less obvious kinds of malware at the same time. The ransomware’s main purpose could be to distract your IT department from something else, such as persistent code that will sit in your systems for months, siphoning data to someone else’s server.
The most publicized attacks hit big organizations like city governments and hospitals. No one is safe, though. Botnets probe system after system, looking for weaknesses or sending out phishing emails. Criminals think small businesses are less well protected, and they’re often right. Collecting a lot of small payments can give them a steady source of income.
The fallout of ransomware targeting
A lot of the newest ransomware is dual-purpose. It not only encrypts your files, but also sends the originals to a server that the perpetrator controls. If these files contain valuable or sensitive data, such as business records, the attacker gets a copy of them while your attention is distracted. You can recover your files, but you can’t undo the data breach that happened at the same time.
If you’re hit by ransomware, you usually have to assume that the attacker has gained access to the content of your files. Dealing with the consequences of data theft often costs huge amounts of money. The damage to your business’s reputation can be the worst part.
Having to pay someone to get your own files back is never a good thing. Sometimes it seems easier than the alternative, especially if the time lost can be deadly. But once you pay off a crook, you mark yourself as a target. It’s likely you’ll be hit again. This doesn’t mean you should never pay, but it should be a last resort.
An up-to-date backup and good system security are the best defenses. Make sure everyone in your organization knows not to act on suspicious email messages; they’re the most common way to get infected. It’s better to be protected than to lose your files and money.
We offer expert IT support in the Winston-Salem and Greensboro area, with an emphasis on top-notch security. Talk with us to learn how we can help keep your systems safe from ransomware and other threats.