High in the list of system managers’ nightmares is a message on the screen saying, “Your files on this computer have been encrypted. Please send us payment if you want to get them back.” That means the computer has been attacked by ransomware. Government institutions, hospitals, and large enterprises have fallen victim to it. The costs can be huge, whether you pay the amount demanded or not.
A 2016 attack on the Hollywood Presbyterian Medical Center disrupted patient services, forcing the institution to pay rather than risk lives. In 2018, ransomware hit several systems run by the City of Atlanta. It cost about $17 million to recover the lost data.
How ransomware works
Ransomware has become popular because it gives criminals a direct source of money. They don’t have to steal data and then sell it. There are even ransomware kits available on the black market that let people get into the racket with hardly any technical knowledge.
The first step is to infect a targeted site. The most common way is to send an email message with a link or attachment. If the victim opens it, the attachment installs software on the machine. Sometimes it copies itself to other machines on the local network to have a more devastating effect.
Once the malware is in place, it starts encrypting files with a key known only to the attacker. Sometimes it aims for every file it can touch, and sometimes it goes for the highest value files. If there’s a backup drive attached, it will do the same there. Then it presents a message on the screen, telling you the following:
- The files have been encrypted in a way that you can’t undo.
- You need to send a payment, usually in Bitcoin, to an anonymous address.
- Once you’ve paid, the attacker will decrypt your files.
Often there’s also a threat that if you don’t act quickly, more files will be encrypted and the amount demanded will go up. The goal is to rattle your nerves and make you decide hastily.
Ransomware may also steal copies of the files, and the intruder will check whether they contain any valuable information.
What to do
If you see a ransom note, the immediate question is whether to pay. In the large majority of cases, paying isn’t a good deal.
- You may have a recent backup of the files that has stayed safe. After removing the ransomware, you can restore the files.
- You won’t necessarily get the files back if you pay. The operation may have been shut down. The ransomware operator may have never intended to restore the files or may not be competent enough to do it.
- If you pay, you’re financing crime and declaring yourself a willing victim for future attacks.
Before restoring any files, get the ransomware cleaned off your machine. Otherwise you may have to do the job over again. Also check other systems on the local network for infection.
If you have a good backup, you can restore the files. Some ransomware has been cracked, so even if you don’t have backups, you may be able to get everything back without dealing with a criminal.
If none of those options works, you face a difficult problem. You can try to reconstruct the files from their sources, which is uncertain and time-consuming. Or you can pay, which is problematic for the reasons already mentioned.
How to avoid being a victim
The best thing is to be prepared so that you’re less likely to be hit by ransomware and more able to recover if you have to. DSS Management can help you on both points, as well as helping you to recover if you’re victimized.
Frequent offsite backups are an important form of protection. The more regularly your data is backed up, the smaller the window of loss you face. Our network management and monitoring services will help to keep your systems safe from ransomware attacks and other malware. We’ll make sure your network is backed up so that getting back to normal operations is just a matter of cleaning up and restoring the files. You’ll be prepared not only for ransomware but for physical disasters.
How to protect yourself
1. Ensure all systems are updated and patched.
2. Ensure all systems have antivirus, anti-malware and endpoint protection.
3. Ensure your firewalls are updated and patched.
4. Ensure you have backups.
5. Provide ongoing security awareness training for your employees.
Get in touch with us for a consultation and find out how we can simplify your IT issues and strengthen your systems for a more reliable and secure network.