Ransomware has proven to be phenomenally effective at producing a fortune in ransom payments
for its nefarious authors. It’s been estimated that in late 2013, over a span of just three months,
the infamous CryptoLocker virus raked in nearly $30 million in payments. The astonishing
“success” of ransomware makes one thing certain: It’s only a matter of time before the next form
of malicious ransomware strikes. There are steps you can take to prevent an attack, and a few
ways to get your data back if your systems become infected. The first step is knowing what
Ransomware is and the recent forms it’s taken to extract payments from its many victims.
Ransomware is a type of malware that prevents users from accessing their data until they pay a
ransom. Most ransomware viruses are triggered by clicking a link in an email or opening an
attachment. When combined with phishing techniques, these emails may seem like normal
correspondence from a business partner.
Recent Forms of Ransomware
Ransomware in its various forms has been around since 1989, and it shows no signs of slowing
down. The problem has gotten worse in recent years due to the popularity of mobile devices and
anonymous payment methods, like Bitcoin, which make it easier for cybercriminals to cover their
tracks and evade law enforcement.
How to Prepare for a Ransomware Attack
It’s important to warn employees about clicking on suspicious attachments, but they may fail to
adhere to the policy or simply be fooled by a well-targeted phishing attack. Additionally, while
firewall protection and security software are crucial components in a ransomware-prevention
strategy, they won’t guarantee protection. When prevention methods fail, the best way to
regain access to your data is by having a backup plan in place.
Since the latest version of your files may be affected by the virus, a backup solution with a
versioning feature is necessary. It allows you to roll back to a specific date before your
systems were infected. Although ransomware will eventually make itself known to you, the virus
can take hours or days while it spreads and encrypts your files before sending you the ransom
message. On shared drives, this is a huge problem when suddenly, not only are your files
unusable, but creating new ones results in more infected files. The only way to get things back to
normal is to roll back to a complete, clean set of files that was backed up before the initial
infection took place.
This is where the frequency of your backups becomes a key component of your recovery
strategy. The more frequently you back up, the more recent your recovery point can be.
Having automatic, continuous backups also ensures data protection with minimal human
intervention. Depending on the nature of your business, it may be worth the peace of mind
and risk reduction to have more frequent, continuous backups.
An added benefit of using a backup plan as part of a prevention strategy is that it also protects
you from other common causes of data loss, such as server or disk failure, natural disasters
and human error.
While any data recovery effort costs time and resources, paying a ransom might be an even
bigger risk since it doesn’t necessarily guarantee you’ll get your data back. You’re essentially
counting on the trustworthiness of thieves to give you the encryption key after they’ve taken your
money. With a complete backup of your data that includes an earlier version of your system
before it became infected, you stand a very good chance of recovering most of your data without ever
having to pay a ransom.
5 Steps to Take if Your Systems Become Infected
If you have a comprehensive malware-prevention strategy in place and a backup plan
is part of it, here are the 5 steps you should take if your systems become infected:
- As soon as you’re aware of an attack on your computer, file server or network, immediately shut
down all file sharing activity.
- Use your antivirus software to determine where the infection happened. If you can’t determine
where the infection originated using antivirus software, right click on an infected file to find out the
last user or computer to make changes to the file. This will tell you where the infection originated.
- Assess the extent of the infection and the damage.
- Remove the virus by deleting all infected files.
- Use your backup application or dashboard tool to recover clean versions of the infected files.