Ransomware – What It Is and How To Avoid It

There have been several high-profile cases recently of organizations being hit by ransomware and having to pay the criminal hackers money to regain access to their data. Here are just a few of the most recent cases: a hospital in Kentucky, a hospital in Hollywood, a school in New Jersey, and a school in South Carolina. But what is this “ransomware” stuff, why is it so effective and, most importantly, how can you protect yourself and your company from it?

Imagine that someone breaks into your house and, instead of just taking everything, puts all of your valuables into an uncrackable safe and then gives you the option to buy the combination from them. Well, that’s what ransomware does to your data. At a technical level, ransomware is just a virus: once you are infected (via an email attachment, a poisoned web site, etc.), it encrypts whatever data it comes across and then tells you that if you ever want to see your data again, you’d better pay up. This encryption makes all of the data files on your computer (or your servers) unusable to you. Fun, huh?

Unfortunately, ransomware is very effective. In most cases, the technology the criminals use is high-quality encryption and you will not be able to recover that data without the decryption key that only the criminal “hacker” possesses. In fact, the FBI has been quoted as saying that in most cases, companies should just pay the ransom. (Whether the FBI CAN’T actually defeat the encryption or just doesn’t want us to know that it CAN is a whole different conversation.) It’s really just best not to get infected.

So how do I avoid getting hit with ransomware? There are a few very effective steps that you can take to protect yourself and your company.

  1. First, of course, is top-notch anti-virus/anti-malware software that automatically updates itself and runs all the time in the background. However, these defenses have the problem of being largely “signature-based” – meaning, they have a unique signature they recognize for each virus and if a new strain is released that they don’t yet have a signature for, the anti-virus software won’t recognize it. This is very effective against existing, known viruses but leaves a lot to be desired on the first day of a new virus.
  2. A proactive defense should be used in addition to the reactive anti-virus software: a tool that checks everything you click on and every website you go to for suspicious behavior and also compares them against a database of known “bad” places. This database gets updated constantly (unlike the anti-virus signatures, which get updated daily at best) so if something is discovered at 9am, by 9:15am you are protected from it. These tools often have the added benefit of providing web content filtering for your staff (so you can stop things like Facebook, etc. for those people that don’t need it for work).
  3. And this is the most important – user training. Security and IT professionals know that there’s only so much you can do at a technical level to protect a company – the employees have to be involved and have to know what to look out for. (See http://www.1point.net/why-security-awareness-matters/ for more information on the importance of training your staff.) Simply put, it is a critical component. It doesn’t matter how many locks you put on the door if someone inside the house opens the door for the intruder.

And if you do get infected, backups are critical. With proper backups in place prior to any infection, you can protect your data from the dangers of ransomware. Getting infected will still be a costly and annoying recovery process as you rebuild the affected machines and deal with lost productivity and the possible hit to your reputation, but your data will be recoverable and you can also avoid paying the ransom.

Unfortunately, these types of viruses are on the rise because they are very profitable for the people that create and distribute them. It’s very important that your company puts the necessary defenses and training in place to avoid becoming the next example of a company paying a hacker’s ransom.