Ransomware

What is ransomware?

Ransomware is an unusual type of threat because it holds your files for ransom while leaving your systems essentially otherwise operational. A piece of malicious software enters your network and applies an encryption algorithm to your computer files, rendering them unavailable. The files are still there, and you can see them in a file structure, but you will not be able to open them with any program. Additionally, ransomware affects not just the device you are using, but any connected storage devices and mapped network drives. As a result, this type of malware poses a serious threat to your information systems. One infected device can bring your operations to a standstill. The person or group behind the attack provides information as to how to submit a payment, and in exchange, they will provide the decryption key. The attackers demand payment in some form of cryptocurrency, in order to maintain anonymity.

Some victims of ransomware attacks have not been confident in the integrity of their data backups and have paid the ransom to obtain the decryption key, and others have paid the ransom and obtained a key which did not decrypt the files. Both situations can be very expensive to your business.

How does ransomware gain entry to my network?

The purveyors of ransomware can inject the malware into seemingly innocuous documents, like invoices or estimates, or they can use internet links in an email to direct a user to a site that automatically starts a download and installation of the program. Documents containing macros provide an excellent opportunity to run the installer package without requiring direct interaction from the user. Some forms of ransomware take advantage of unpatched and unsolved vulnerabilities in the configuration of your devices and systems.

What are the most effective steps I can take to protect my business?

1. Deploy updates and patches in a timely manner. The operating system and application patches should be tested as soon as they are available, and applied to your systems as soon as your team can verify compatibility. Patching vulnerabilities will reduce the number of ways ransomware can execute itself in your systems.

2. Ensure that your technology team has an effective backup and restore process, and that they are able to fully test a restore from backup. Having a backup and restore procedure that you have validated will allow you to return your business to normal without paying an exorbitant ransom, still running the risk of not being able to decrypt the data.

3. Know the devices on your network and implement the same security procedures on any employee-owned devices touching your network that you have implemented on your business-owned devices. Maintain separate profiles on mobile devices, if possible, allowing only the business-facing profiles access to your network.

4. Disable SMB v1 on all devices on your network. SMB v1 is an outdated protocol and was the window that the creators of WannaCryRansomware exploited a few years ago. There may be some favorite processes that fail with the disabling of this protocol. If this is the case, you will need to perform a risk assessment against the cost you will incur with a ransomware attack.

5. Ensure that all your employees understand the hazards of active content like macros, and that they exercise caution in using them. Train them as well not to execute macros on documents received from external sources. Common documents like invoices do not need macros enabled, and in fact, such documents should be saved without active content before sending. If necessary, ask your vendors to send only documents without active content. Ensure as well that the appropriate teams understand the billing and payment cycles, and that they become suspicious of out-of-cycle documents and requests.

6. Train employees to be extremely cautious about clicking on links in emails. Messages with links unrelated to your line of business, messages themselves unrelated to your line of business, and messages with spelling and grammar errors should raise suspicions. Your employees should also not use links in emails to connect to websites of business contacts unless the employees have verified with the sender that the link is expected, and an explanation of the necessity of the link. When calling contacts to verify the validity of links in emails, employees should use their own contact source, such as a corporate address book, rather than a phone number in the message that contains the link. A message with a malicious link may also contain a compromised phone number.

Can I recover from a ransomware attack?

Possibly, but it will not be a pleasant process. Your best chance of recovery is a restore from a backup, and you will lose the records of transactions that occurred since the last iteration of your backup process. As explained above, paying the ransom may or may not produce a working decryption key. Attackers inexperienced in encryption and decryption have provided decryption keys which failed to release the files back to the owner. Prevention is going to serve you much better than hoping for a recovery, so take the necessary steps now to reduce the likelihood of infection.

Know Someone Suffering From Bad IT Support?

Palindrome Consulting Wants To Help!

Palindrome Consulting
4.9
Based on 12 reviews
powered by Google
Elizabeth Mitrani
Elizabeth Mitrani
17:23 06 Aug 19
Palindrome Consulting was key in establishing my business and helps me keep it running. They are the consummate... professionals, incredibly knowledgeable and are always available to help. They have gone above and beyond to ensure that I was up and running quickly and that any issues that may arise on my end or dealt with immediately. I highly recommend Palindrome Consulting.read more
Moshe Rubinstein
Moshe Rubinstein
14:57 28 Jun 19
They are there every step of the way. Responsive and timely. The full service mentality mixed with the problem solving... abilities, is what makes them an easy choice.read more
Benjamin Wainberg
Benjamin Wainberg
14:09 28 Jun 19
Palindrome Consulting is customer centric. For Palindrome Data Safety is paramount; they keep their and our systems... updated with the newest technologies and are not shy at changing to better alternatives. Their platforms are always running and in the odd case there is an event, their technical team has an awesome response time.read more
Copier Man
Copier Man
13:56 28 Jun 19
We have been using Palindrome since 2005. They make my company feel like we are #1 all the time. Expert staff are... always available to help all my users all around the country.read more
Nelson T
Nelson T
20:32 25 Jun 19
Palindrome Consulting has proven itself time and time again to be the epitome of professionalism and technical... expertise. They take the time to listen to your needs and then apply their wealth of technical knowledge to create truly innovative and robust solutions. They truly deliver piece of mind.read more
Next Reviews
Palindrome Consulting