Ransomware is the Trojan Horse of data destruction. It’s a vicious type of malware that creeps into your computer system and literally paralyzes it, locking up your files, videos, business documents – everything on the hard drive, really – and then demands a monetary ransom to unlock it. It’s a serious type of cyber extortion that has been around for years but has seen a recent uptick in activity, according to the Federal Bureau of Investigation.
Most malware of this type manages to encrypt or encode all of the files on infected computers. Some of these programs claim to be from government or law enforcement agencies and use scare tactics to warn the user that illegal or compromising material has been found on the computer.
Owners then receive a message giving step-by-step instructions on how their data can be retrieved: submit payment to obtain the decryption key – or code – that will unlock the data. According to the FBI, the amount of money requested varies from a few hundred dollars to several thousand dollars and payment is extracted in a number of ways, though usually by an anonymous online payment method such as Bitcoin.
Paying up is the tricky part, says security software company Symantec. There’s no guarantee that the cyber criminals will unlock the compromised computer if money is received. Symantec says the threat often occurs with stealth-like precision, distributed mostly through spam email containing infected attachments but also through malicious websites (or even legitimate websites that have been compromised), infected advertisement banners, peer-to-peer file sharing websites, and via pirated and/or illegally acquired software.
Ransomware arrived more than a decade ago but was relatively ineffective, according to MIT Technology Review. That changed in late 2013 with the arrival of CryptoLocker, which managed to infiltrate Windows computers and freeze everything on those systems in half an hour.
The FBI issued a report in January 2015 warning Americans that the crime poses a threat to everyone, not just home computer users.
“Businesses, financial institutions, government agencies, academic institutions, and other organizations can and have become infected with it as well, resulting in the loss of sensitive or proprietary information, a disruption to regular operations, financial losses incurred to restore systems and files, and/or potential harm to an organization’s reputation.”
Some security researchers predict ransomware attacks on smartphones and tablets will pick up in 2015, since these electronics often contain personally important photos and videos.
And the same extortion rules will apply: Pay up or say goodbye to your data.
What To Do If Your Company Is Infected
So what can be done if you or your company has been infected? Cyber crime experts recommend:
- Do not pay the ransom. While it might seem like the best way out, it merely encourages and bankrolls the criminals without guarantee of getting your data back.
- Remove the impacted system from the network and then remove the virus from that computer and/or server.
- Restore impacted files from a known backup, which is the fastest way to regain access to data.
Ransomware Prevention Tips
As for avoiding being a victim altogether, Symantec suggests a few safeguards:
- Make sure your computer is armed with updated antivirus software.
- Keep all software up to date. While updates might seem like a hassle, software companies often release updated versions that add security safeguards against newer viruses.
- Conduct regular system backups and store the backed-up data offline.
- Be careful about where you click and what you install – don’t install programs from untrusted sources. Better yet, only allow your IT team to have installation privileges.
- Back up data regularly on a separate hard drive or use a cloud service.
- Educate employees on what to do when they receive emails from unknown senders with suspicious attachments or links. Don’t forget to tell them the why behind these precautions. Explain what will happen if the company is infected with ransomware or any type of virus.
- Use a pop-up blocker on browsers.
- Block attachments that might be a threat by scanning inbound emails.
- Restrict user permissions on the share, or on the underlying file system of a mapped drive, to limit what the threat is able to encrypt.
- All of these rules apply to your phone and tablet as well. Only download mobile apps from the official app store for your devices.
“Ransomware could be just a minor nuisance if people could just restore the data from the backup,” Robert Lipovsky of cyber security provider ESET told MIT Technology Review. “Even though the advice is quite simple, lots of people don’t listen to it.”
If you have been hit by a ransomware scheme or other cyber fraud activity, report it to the FBI’s Internet Crime Complaint Center.
Additional Resources
- 10 Things Business Owners Must Know About Cyber Security
- Krebs on Security Blog – Latest news in online security. He also has a great list of other cyber security blogs in the sidebar.
- U.S. Computer Emergency Readiness Alert on CryptoLocker
© 2015 Generational Equity, LLC. All Rights Reserved.