Ransomware is an increasing problem for businesses of all shapes and sizes – not just large corporate enterprises. A new generation of piracy, ransomware not only holds your business hostage but can stop you from operating full stop. In its basic format ransomware stops you from using your computer and potentially your network. Simply put, it holds your files ‘hostage’, locking you out from all your files and often gaining access to your PC.
There are many different types of ransomware and differing ways of being attacked. Our guide will hopefully cover some of the common forms and how to protect yourself. Typically Windows-based computers are attacked but ransomware can affect any level of digital device including phones, tablets and networks.
So what is Ransomware?
Ransomware is malware which is installed to your device, usually in the background through a user clicking on a rogue link or opening a file attachment. There are numerous ways a device can be infected and most ransomware is automated, meaning it will begin working immediately.
An attack will usually target your pictures, documents, files and other data. Being notified of an attack can happen in a number of ways such as:
- Your files become encrypted
- Your files are renamed
- A ransom note appears on your screen which you cannot remove
- Your web browser is locked
- Your device’s screen is fully locked
There are lots of different types but the majority demand a ‘ransom’ in order for you to gain full access to your machine again. The reality is that there is no guarantee that payment will rid your machine or network of ransomware.
How can I be attacked with ransomware?
It may be common sense but many users forget the basics of good security protocols and and procedures. Users across your business may not always comply with your IT policies (make sure you keep staff updated and informed of the terms and conditions of their computer use – speak to us if you need help on developing a computer use policy). Some simple causes of ransomware include:
- Visiting untrusted websites
- Opening files and emails from unknown sources
- Opening files with inbuilt macros such as Excel or Word documents
- Using out of date software which isn’t supported
- Using a device on an infected network
What are Ransomware operators up to?
With so many people ignoring the basics of IT security, ransomware operators use unpatched software and the ‘open-door’ vulnerability that organisations provide to illicit criminal or malicious intent. As well as simply demanding money, which in many cases increases daily, they will delete files and important documents unless you pay. They can also access key personal data such as financial information which is increasingly easy to do with many operating systems using keychains and remembering passwords to banking, social networks and online shopping for example.
So how do we prevent an attack?
- Ensure you have the right levels of anti-virus software
- Get an expert to check your devices, network and operating systems
- Be safe at all times – know what you are visiting. Don’t click on links of anytime unless you trust the sender or website
- Ensure you have a computer use policy – train your staff on the importance of IT security
- Look for misspellings, typos and fake email addresses – read the headers of your emails
- Keep up to date with the latest ransomware attacks from Microsoft Support
- Don’t click pop-ups or try to close them down. Use Task Manager to assist in shutting down open windows and dialogue boxes. If unsure, ask an expert before you do anything else.
- Store your files in the cloud using a secure off-network storage service such as OneDrive
How do I get my data back?
- Clean your PC or device before you start to look at file and data recovery
- Ask professional advice if you are unsure – remember the saying ‘if you think paying a professional is expensive, then watch how much an amateur will cost you’.
- Contact Action Fraud – if you have made any payments for ransomware. Also inform your bank and the police so you have a crime reference number (you should also check with your insurance providers to see if you have a policy in place to cover lost data).
- If you use Windows, look at whether you can use the Windows Repair and Recovery site
If in doubt, ask an expert.
We recently helped a customer who had suffered a Ransomware attack. Their business, a 24/7 eCommerce website, was hit by ransomware through a malicious email that a member of staff opened. Within hours, their whole IT network was frozen with demands of £££s being asked from the attackers. We had previously installed a back-up and recovery solution for them, so as well as cleaning their entire network, we were able to isolate departments, recover their data and keep them operating while we worked through the whole site. As a result they were back online within hours not days or weeks and without payment.
We’re experts in data recovery, security and risk prevention. To learn more please ask us for a free audit of your current IT setup.
Useful reads: https://blogs.technet.microsoft.com/mmpc/2016/05/18/the-5ws-and-1h-of-ransomware/
Contact us to discover how we can keep you safe.
Images from Microsoft.