What you need to know
CryptoWall and the CryptoLocker variant are ransomware: malicious software that encrypts your data and holds it hostage for ransom. If you don’t or cannot pay the ransom, your data is gone forever.
The reality is that in today’s world even ordinary small businesses are constantly under attack by hackers. You may think that you don’t have any data that would be valuable to a hacker, but as Crypto has taught us they are now targeting data that is valuable to YOU which makes your data valuable to them.
If they can get access to it, they “steal” it, hold it hostage, and sell it back to YOU. Using new anonymous payment methods like bitcoin, they have found a way to build a highly automated business that simply sells us our own most valuable business data, with little chance of being identified or getting caught.
The FBI recently published a warning to alert the public about a recent rise in the spread of ransomware in the U.S. (FBI alert I-062315-PSA).
Q&A on malicious software known as ransomware
Q. How do I know if I already have ransomware?
A. You may not know until it is too late. Some users have reported that the first sign of trouble is poor performance; basically the computer starts running slowly while the ransomware begins to encrypt your data files. When you try to open an encrypted file, the computer will say that it can’t be opened, and you will eventually be prompted to make a ransom payment to obtain the private key to decrypt the files. If you don’t make the payment, you will most likely never be able to open these files again. The computer and network can run very slowly during this process because the ransomware will typically try to infect files on all attached hard drives and servers.
Q. How does a computer get infected with ransomware?
A. Ransomware can be installed by simply opening an infected email or visiting a hacked or infected website. Users can be tricked into clicking on seemingly normal or innocent links, like a shipment tracking link or an advertisement, and the software will be installed without them knowing.
Q. Doesn’t my anti-virus software protect me from this?
A. Probably not. Crypto is sometimes spread via a virus, but Crypto is technically not a virus. Crypto is a piece of software that can trick users into inadvertently installing it by accessing an infected email attachment, website or download. The bad guys are constantly creating new variations of ransomware, and we are somewhat vulnerable to them until the security software companies identify the new version as a threat and release an update to prevent it from installing.
Q. What should I do if my business is infected with ransomware?
A. If you are infected and presented with a ransom request, you have a tough choice to make, and not much time to do it. Most variants of Crypto ransomware will give you a very limited time, typically 72 hours, to make the payment. The alert displayed on your computer typically says something like this:
“… we will destroy the key within 72 hours. After that nobody will ever be able to restore these files. To retrieve the private key you need to pay .5 bitcoins. Any attempt to remove or damage this software will lead to immediate private key destruction by our server.”
At this point your choice is to try to pay the ransom, with no guarantee that they really will give you the key or that it really will decrypt your files, or to restore from backup. We suggest that your first step is to disconnect your network from the internet and contact your technical support provider immediately. They will help you determine the extent of the infection and the viability of being able to restore those files from backup.
Once you are infected, your only choices are to pay and hope for the best, to restore from backup, or to accept that your data is lost forever.
There is no “cure” for the Crypto ransomware attack; once it encrypts your files the damage is done. The most important thing to focus on is preparedness and prevention, which is the goal of this notice.
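An added example, not part of the original notice or any vendor's tooling: a small Python triage script for the "determine the extent of the infection" step above. It flags files whose leading bytes no longer match their extension and whose contents look random; the file-type table, the 7.0 bits-per-byte threshold and the sample file names are assumptions chosen for illustration.

```python
import math
import tempfile
from collections import Counter
from pathlib import Path

# Leading bytes that intact files of these types begin with.
MAGIC = {
    ".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".zip": b"PK\x03\x04",
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage(root, sample=4096, threshold=7.0):
    """Return relative paths of files that look encrypted in place."""
    root, suspects = Path(root), []
    for path in root.rglob("*"):
        magic = MAGIC.get(path.suffix.lower())
        if magic is None or not path.is_file():
            continue  # unknown type: nothing to compare the header against
        try:
            with path.open("rb") as fh:
                head = fh.read(sample)
        except OSError:
            continue  # unreadable (locked or permission denied): skip
        # Mismatch alone = misnamed file; entropy alone = normal JPEG/ZIP.
        if not head.startswith(magic) and entropy(head) >= threshold:
            suspects.append(path.relative_to(root).as_posix())
    return sorted(suspects)

def demo():
    noise = bytes(range(256)) * 16  # constructed stand-in for ciphertext
    files = {  # constructed sample files, not real documents
        "invoice.pdf": b"%PDF-1.4\n" + b"sample text " * 50,  # intact
        "report.pdf": noise,                                   # flagged
        "notes.pdf": b"plain text, wrong extension\n" * 20,   # misnamed only
        "photo.jpg": b"\xff\xd8\xff\xe0" + noise,              # intact, dense
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in files.items():
            (Path(tmp) / name).write_bytes(body)
        return triage(tmp)

if __name__ == "__main__":
    print(demo())
```

Run triage() against a read-only mount or a copy of the affected share, and compare the flagged paths with what your backups contain. Files with extensions outside the table are skipped, so extend MAGIC for the file types you store.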
Every business and every network is different and although we can’t give specific recommendations without knowing more about your situation, here are some general suggestions to get the conversation started.
The following list outlines things every business owner should be confident are being addressed on an ongoing basis, to protect their data and protect the business.
- Awareness: Share this alert with all employees and let them know that protecting your business from cyber-attacks is everyone’s responsibility and that they need to be aware and cautious with all internet activity. Lack of awareness should not be an acceptable excuse for putting your business at risk.
- Security Software: Make sure that you are running top rated AntiVirus and AntiMalware on all computers. Keep in mind that these programs need to be configured properly and maintained to the latest version and threat definitions to be effective.
- Network Security: Make sure that your network is protected by a dedicated hardware based firewall with current certifications and updates. Not all firewalls are created equally and you get what you pay for. Ask your IT provider for an assessment and recommendations to be sure your firewall includes advanced web protection and ongoing updates to protect against the latest cyber threats. Also review all access to your network from wireless devices and remote locations. Make sure that there is no unauthorized access to your network.
- Limit Access to data: Crypto can’t encrypt files that it doesn’t have access to. Review your security settings and make sure that users only have access to data that they need, and do not have privileges to install software. Lock down network shares and move “old” data that you want to save but doesn’t need to be modified into ‘read only’ shares, so it cannot be changed.
- Security Patches and Updates: Crypto and other malicious programs prey on systems that have known security flaws that have not been patched. Ensure that all systems on your network are running the latest versions of software. This includes Windows Updates and security patches, Office updates, browsers and browser plug-ins, Java, Adobe and other PDF software etc. Your business should be protected by a comprehensive update system or service that always keeps you up to date since these programs are constantly being patched and updated for security. This is a constant management task, not a one-time fix.
- Professional IT Management and Support: Consider using this notice as an opportunity to start a discussion with your IT support provider. Make sure that they are prepared and comfortable helping you prevent and recover from a cyber-attack. Ask them for their recommendations for the best tools and techniques to protect your data. Make sure that your IT environment is being professionally and proactively managed and monitored.
The reality is that in today’s world even ordinary small businesses are constantly under attack by hackers. You may think that you don’t have any data that would be valuable to a hacker, but as Crypto has taught us they are now targeting data that is valuable to YOU which in turn makes it valuable to them. If they can get access to it, they'll “steal” it, hold it hostage, and sell it back to YOU. Using new anonymous payment methods like bitcoin, they have found a way to build a highly automated business that simply sells us our own most valuable business data, with little chance of the hacker being identified or caught.
By making sure that your business has the latest security technology AND good data backups, a ransomware infection can be easy to clean up and have very limited impact on your business.
If you would like a confidential independent review of your IT security and data backup systems, call White Mountain IT at 603-889-0800 for a free consultation.
Infographic by Veracode Application Security
All content is subject to change and is for informational purposes only and does not constitute advice or recommendations.
Please contact your professional IT support provider and conduct your own research to determine the best approach or strategy to protect your business from cyber-attacks.