Recently, one of our clients was a victim of a cyber attack. The cyber criminals encrypted their server and backup files with ransomware and demanded a $4,500 ransom. The client’s computers were down for 4 days. They had to retain a computer security firm and negotiate with the criminals to release their files.
Ransomware is malicious software that cyber criminals use to hold your computer or computer files for ransom, and then demand payment from you to get them back. Ransomware is becoming an increasingly popular way for malware authors to extort money from companies and home users alike.
One specific ransomware threat that has been in the news lately is CryptoLocker. The perpetrators of CryptoLocker have been emailing it to large numbers of people. There are many other variants of ransomware. The malware spreads not only by email but also via Remote Desktop Protocol (RDP) ports that have been left open to the Internet. RDP ports are normally opened in a network environment where employees require remote access. Ransomware can also affect a user's files on mapped drives, which is to say drives that have been given a drive letter (e.g. D:, E:, F:).
Computers that have been affected have had a large number of files encrypted. These are primarily files in popular data formats, such as those used by Microsoft Office (Word, Excel), Adobe programs, iTunes or photo viewers.
What can you do about it?
Here are a few tips that will help you keep ransomware from ruining your day:
1. Back up your data
The single biggest thing that will defeat ransomware is having a regularly updated backup. With a current backup, you can replace all the files that have been encrypted. Make sure the backup method you choose allows the backup to be taken off site. Acceptable methods would be a cloud-based backup system or tape backup.
2. Scrutinize emails before opening them
Be wary of emails from unverified sources. Never open an email from a sender that you do not know, especially if it contains an attachment. You can determine if there is an attachment before opening by looking for a paperclip icon. Also, never open any website link embedded in the body of the email.
3. Filter certain file attachments in email
If your email system has the ability to filter files by extension, you may wish to deny emails sent with certain file extensions. The file extensions that should be blocked on incoming emails are: exe, bat, com, zip, pif, jar, hta, scr, js and cmd. A file extension indicates the file type of an email attachment; it is the letters located to the right of the period in a file name.
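The extension filter described in tip 3, sketched as an added example (not code from this article or from any particular mail product). It parses a raw message with Python's standard email library and reports attachments whose extension is on the list above; the function names and the sample message are constructed for illustration.

```python
# Added example: flag e-mail attachments whose extension is on the tip 3 block list.
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions listed in the article.
BLOCKED = {"exe", "bat", "com", "zip", "pif", "jar", "hta", "scr", "js", "cmd"}


def extension(filename: str) -> str:
    """Return the lower-cased text after the last period, or "" if there is none."""
    # Windows ignores trailing dots and spaces, so "a.exe. " is still treated as .exe.
    name = filename.strip().rstrip(". ")
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def blocked_attachments(raw: bytes) -> list[str]:
    """Return the names of attachments in a raw message that should be rejected."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # attachment name, or None for body parts
        # Only the final extension counts, so "Invoice.PDF.EXE" is caught as exe.
        if name and extension(name) in BLOCKED:
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed test message; the attachment bodies are harmless placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in ("report.pdf", "Invoice.PDF.EXE", "photos.zip", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("reject:", name)
```

Extension matching only looks at the name the sender supplied, so it complements the security suite in tip 5 rather than replacing it.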
4. Patch and update your software
Malware authors frequently rely on people running outdated software with known vulnerabilities. Some software vendors release security updates on a regular basis. Enable automatic updates if you can, or go directly to the software vendor's website.
5. Use a reputable security suite
It is always a good idea to have both anti-malware software and a software firewall to help you identify threats or suspicious behavior. Also make sure that your security suite is updated frequently and run on a schedule.
6. Disconnect from WiFi or unplug from the network immediately
If you suspect that ransomware has been installed on your computer, even if you have not received the characteristic ransomware warning screen, you must immediately disconnect your computer from the network. This way, you will stop the encryption process on any of the network drives.
If you need any assistance with this, please let us know.