November 3, 2016 / By Jamie Marshall
A guide to Ransomware
One of the latest trends in the world of IT security is Ransomware. Ransomware for those of you that haven’t heard of it is the buzz word given to the latest style of virus attacks targeting businesses and their data.
The Aim of Ransomware is to encrypt the data of an infected machine. It then kindly leaves a ransom note in the infected folders with its demands for safe decryption of your data, hence the term Ransomware.
So firstly how can you protect against this trending threat?
- One of the most important pieces of protection is to make sure you have the correct backup methods in place. This will ensure if you do become a victim your data is able to be safely recovered from a backup, once the infection has been removed. This ensures that you cannot be held to ransom for the data
- Equally important is to make sure you have the latest updates and security patches for your Anti-virus software. Most of the manufacturers have now released updates/patches which help to stop the Ransomware infecting your devices in the first place
- Additional network monitoring software can be invested in to assist in blocking the Ransomware in the first place. Heimdal Security (heimdalsecurity.com) specialize in network security that runs above your traditional Anti-Virus software. They aim to monitor all network traffic as it leaves/enters the network to block anything that might not have been picked up by your Anti-Virus. They also aim to patch holes that AV updates haven’t yet been released for, reducing the time exposed to new risks
- Educate staff to identify the potential threats and report them in the correct way if required.
Unfortunately we know that there is no 100% protection against any threat, so what can be done if you are infected by Ransomware?
- Report the infection as soon as possible to the correct department. This can help ensure the infection is isolated so it doesn’t spread to other devices and areas of the network
- Have the backups checked to ensure you have a clean backup of the encrypted data. Once confirmed, remove the infection and restore the data
- If you don’t have a clean backup of the data then you will need to look for the Ransom note on the infected device. This will help to identify the exact strain of Ransomware you have. Some strains have now had their encryption deciphered and if you have one of these strains then with the correct decryption tool your data can be recovered.
- If you are unlucky enough to have a strain without a decryption tool then you have a choice to make. You can follow the instructions in the Ransom note in the hope of recovery. We would never recommend doing this, though we do know of a few instances where companies have done this as a last resort. Instead we would recommend that if you can survive the data loss, you delete the encrypted data and try to recreate it in other ways, i.e. Update old copies, go through emails and recover attachments, etc
If you would like to discuss either your backup solutions, security or would like assistance after being infected with Ransomware please feel free to contact me for a chat.
on 0113 2251793.