What is Ransomware & What Should I Do?

What is Ransomware?

“What is Ransomware?” is a question we have been asked a lot recently, for obvious reasons. Ransomware comes in many variants, the latest highly publicised one being WannaCrypt. WannaCrypt spreads using a recently discovered vulnerability in the system Microsoft Windows operating systems use to access files on network shares.

More Info:
https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

What does Ransomware actually Do?

Ransomware works by encrypting data on a computer that has been compromised. It then tells the user that their files have been locked and displays information on how much should be paid and the timescale for payment to be made.
Payments are nearly always made in Bitcoins, although there have been a few occasions where Ransomware creators have requested iTunes vouchers. According to reports from Symantec, one of the big players in IT security, the average Ransomware payout in 2016 was around $679. The last time we checked, WannaCrypt had generated its creators over $70,000. We reckon this will easily reach over $100,000.

Sources:
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ISTR2016_Ransomware_and_Businesses.pdf

Does Ransomware just affect Windows Devices?

Customers regularly ask us “Ransomware just affects Windows devices, right?” Wrong. Ransomware affects all types of devices: Windows, Apple, Android and Linux, although there have not been as many documented outbreaks on the Linux platform.
As well as devices being targeted, since the middle of 2016 there has been a marked increase in the number of business websites targeted in Ransomware attacks.

Sources:
http://blog.trendmicro.com/mobile-ransomware-fast-growing-yet-unknown-threat/
https://blog.kaspersky.com/mobile-ransomware-2016/12491/
http://blog.trendmicro.com/ransomware-is-a-growing-risk-on-macs/
https://www.business.com/articles/businesses-beware-5-new-ransomware-viruses-that-target-websites/

Does antivirus provide any protection from Ransomware?

Given the large number of successful infections, it’s clear that traditional AV software on its own doesn’t provide protection from Ransomware attacks. That’s why you will find all vendors now come with multi-factor malware protection as standard. Disregarding the conspiracy theorists, one thing you can rest assured of is that all the major vendors are doing everything they can to slow the spread of these infections. It’s not good for their business model if the security software they provide can’t stop these types of threats.

If my Anti-Virus software doesn’t catch it, what can I do?

Whilst there is no definitive fix to stop yourself or your organization from being affected by a Ransomware attack, there are several very simple steps that you can take to dramatically reduce the risk to you or your organization.

1. Ensure you have a reputable Anti-Virus/Malware solution on your PC, Mac and mobile devices. There are a lot of different vendors out there. No matter what anyone tells you, all the major vendors pretty much provide the same level of protection. Where one is good in one area, another is better in another area. Here at AOA we regularly change our opinion, changing vendor every few years.

2. Ensure your Windows, Apple, Google and Linux devices are fully patched. On Android devices, depending on your device vendor, you are likely going to have to wait for them to release the most recent updates.

3. Backup, Backup, Backup.

Did I mention you should back up your data? I have now dealt with over 30 Ransomware incidents, and far more data recovery incidents than I would like. There is nothing that will ensure you are back to business as usual more quickly than having a working backup. It’s not good enough to say “I backup my data.”

  • Does your backup actually work?
  • Have you tested recovering files from it?
  • If you have a database on your systems, are you sure you are using the correct method to back it up?
  • Do you actually know how to recover files from whatever backup method you use?
  • If you are a business, do you have a business continuity plan to get your business back up and running again?

Recent true-life example:

One of the most recent incidents we have dealt with was for a non-AOA customer who actually took a backup of their data fairly regularly to an external hard disk. Unfortunately for them, when the Ransomware hit their non-Windows device the external drive was plugged into it, and it was subsequently encrypted as well. The customer ended up losing over a month of work, and that was only because they had recently filled another drive so had purchased a new one. Had it been a month earlier, they would have lost everything.

AOA would recommend that all customers follow the 3-2-1 Backup strategy.

  1. Keep at least three copies of your data
  2. Keep the backed-up data on two different storage types
  3. Keep at least one copy of the data offsite

You can find out more about this recommended solution here: https://www.backblaze.com/blog/the-3-2-1-backup-strategy/

In Conclusion:

Whilst there is a lot of press coverage about Ransomware at the moment, it appears that end users and senior management are continuing to stick their heads in the sand and pretend it won’t happen to them. Here at AOA we have had crying parents who have lost all of the photos of their kids and small businesses who have lost ALL of their business data. It is not a great message to have to say we can’t get their files back (well, not at the moment). Hopefully in the future methods will be found to decrypt these files.

Some people say “They should have just paid the ransom.” There are plenty of cases where people have paid the ransom fee and not got their files back. AOA would never recommend paying the ransom fee.

Your best defense is, and always will be, to:

  1. Keep AV/Malware software up to date.
  2. Ensure you patch your Operating System.
  3. Have multiple backups in multiple locations.

If you have any questions regarding your Data Backups or how to deal with Ransomware then please do not hesitate to Get In Touch.
