What I Wish Everyone Knew About Ransomware


We are all aware of the dangers that viruses pose. What you need to know is that there is one class of infection you should possibly fear above all others. This type of infection is ransomware, and ransomware is on the rise.

What is Ransomware?

Ransomware is a type of virus that encrypts all of your files so that a unique password is needed to access them. The attackers then hold you to ransom for this password, hence the name. The encryption these viruses use was originally designed to protect your files from unauthorised access. It is super secure and unbreakable, so there is no way to gain access to the encrypted files without the password the attackers hold. The only other option is to restore a previous unencrypted version of the data from a backup. It is therefore essential to make sure you have a reliable and resilient backup in place. Even with a backup, an attack will be disruptive and costly to correct, so you should consider using preventative measures like the ones listed below.

The fascinating backstory:

The first ransomware attacks on companies that we witnessed asked for £250,000 as the ransom. For almost any small or medium business, a ransom of this size would never be an option, even if they were willing to pay to get their data back. Those behind the ransomware attacks soon realised this and reduced the amounts asked. It is now more common to see ransom requests for around £3000.

In the early days, if you did pay the ransom, you would often receive fantastic customer service from the cybercriminals attacking your system. They realised that for people to be willing to pay, they would need a reputation for honouring their word. So they had tech support available to guide you through the whole process of unlocking the files. They would also respond very quickly following successful payment. All ‘hacking’ aside, it was an impressive service that I am sure improved their success rate.

These days, though, you can buy a kit to launch your own ransomware attack for a few dollars on the dark web, so there are far more people behind these attacks than there have ever been. Most are typical criminals who have little regard for honour, so actually receiving your password, even if you do pay, is now highly unlikely. We believe that paying the ransom puts you on a list of people known to pay, which makes you a bigger target for future attacks, let alone that it funds the bad guys. So you certainly don’t want to rely on just paying a ransom as your solution to the problem.

Regardless of who is performing the attack, they all request payment in the digital cryptocurrency Bitcoin, which is an untraceable virtual currency that is difficult to purchase at short notice due to routine security checks. So even if you did want to pay the ransom, you might not be able to get your hands on enough Bitcoins to fulfil the ransom request.

At the time of the first ransomware attack we witnessed, Bitcoins were worth around £200 each. They are now closer to £5,000 each and at their peak value almost hit £15,000. If only we had had the foresight to see this and purchased a few Bitcoins as an investment! Doh!

How to Protect Yourself from Ransomware

Anti-Virus

Your first line of defence is your anti-virus system. Ransomware will often team up with other viruses to initially gain access to your PC or to spread across your network. Using a good, up-to-date anti-virus system won’t stop every virus attack but will minimise the number that are successful. The system we believe is the best at protecting against ransomware viruses is BitDefender EndPoint Security. This enterprise-grade system has proven itself to be reliable at reducing the number of successful attacks for our customers and has minimised the damage should a virus make it into the network. It utilises multiple components (Anti-Malware, Anti-Virus, Firewall and a Content filter) to provide a comprehensive shield against all virus threats. The smart part comes from the way each element works together should it spot virus activity. For example, if the anti-malware component detects a potential threat, the content filter will stop that threat from being able to access the internet, neutralising its ability to be triggered and to spread. We provide BitDefender EndPoint Security from our centralised management system so we can monitor the protection status and threat detection. This allows us to ensure that you are always protected and, should a threat be detected, we can respond instantly to make sure no issues occur.

Local Admin Rights

No standard network user should need local admin rights. The risk of having local admin rights is that if the user initiates a virus, it will be able to install itself and modify the local PC. Not being able to do this will help reduce the ways a ransomware virus can take hold. It also stops users from installing software that might, unknown to them, be virus infected. Those users who do require the odd permission to run something as a local admin can have a unique username and password to be used in these rare moments. We can help make sure the migration away from local admin rights is completed, so if you are in any doubt, please do not hesitate to contact us.

Network Share Permissions

As ransomware targets your essential files, one of the key areas it attempts to hit is your network shares.  Typically this is where your crucial data is after all.  The more critical the data, the more likely you will pay the ransom. So, protecting your network drives is a vital part of your defences.

Under GDPR, and simply as good practice, staff shouldn’t be able to access more on the network drives than they need to do their job anyway. However, in a lot of small businesses, especially those who use a lazy IT support company, you will often find that there is only a handful of network shares and that they are accessible by everyone. Even if you are happy for everyone to have access, consider that the fewer areas a ransomware virus can hit, the better. For example, if certain staff only need access to an HR folder, then limit their access to just this. That way, should a virus attack occur, its chances of wiping out all of your data will be significantly reduced. Managing network share permissions can be messy and complicated if done wrong. We are experts in best practices for managing these permissions, and in most cases it doesn’t require much time or cost to put right if done correctly. So, if you have unsecured network drives just waiting to be attacked, please do get in touch so we can advise on how you can better protect yourself.
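An added example, not part of the original article: one way to find shares that a catch-all group can write to, using the built-in Get-SmbShare, Get-SmbShareAccess and Get-Acl cmdlets on a Windows file server. The helper name Test-BroadPrincipal and the choice of which groups count as "everyone" are assumptions of this example.

```powershell
# Added example. Run in an elevated PowerShell session on the file server.
# Effective access over the network is the more restrictive of the share ACL
# and the NTFS ACL, so a share is reported only when a catch-all group can
# write at both levels. Only the NTFS ACL of the share's root folder is read.

# Everyone, Authenticated Users, BUILTIN\Users (well-known SIDs).
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

function Test-BroadPrincipal {
    param([string]$Account)
    try {
        $nt  = [System.Security.Principal.NTAccount]::new($Account)
        $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        return $false   # orphaned or unresolvable account
    }
    # RID 513 is the Domain Users group of any domain.
    return ($broadSids -contains $sid) -or ($sid -match '^S-1-5-21-.+-513$')
}

$write = [System.Security.AccessControl.FileSystemRights]::Write

$findings = foreach ($share in Get-SmbShare -Special $false) {
    if (-not $share.Path) { continue }   # no folder behind this share

    # Share-level entries that allow Change or Full to a catch-all group.
    $shareHits = Get-SmbShareAccess -Name $share.Name | Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and
        "$($_.AccessRight)" -in 'Change', 'Full' -and
        (Test-BroadPrincipal $_.AccountName)
    }
    if (-not $shareHits) { continue }

    # NTFS entries on the share root that allow write-type rights to such a group.
    (Get-Acl -LiteralPath $share.Path).Access | Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and
        ($_.FileSystemRights -band $write) -and
        (Test-BroadPrincipal $_.IdentityReference.Value)
    } | ForEach-Object {
        [pscustomobject]@{
            Share     = $share.Name
            Path      = $share.Path
            Principal = $_.IdentityReference.Value
            Rights    = $_.FileSystemRights
        }
    }
}

$findings | Sort-Object Share, Principal | Format-Table -AutoSize
```

Each row is a folder that any user's infected PC could encrypt over the network. Subfolders with their own NTFS permissions need the same Get-Acl check run against them.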

Install the latest patches and security fixes

As mentioned, ransomware will often use other exploits to gain access to a network before it does its damage. Many of these exploits rely on out-of-date systems that haven’t had fixes applied. So, to minimise the chance of this happening, always make sure your system is up to date. We have protected our customers with a remote management system that can help alert us to any out-of-date machines. We also provide a fixed-price, out-of-hours server update service at just £35+VAT per month. These measures ensure your central servers are well protected against exploits while causing no in-hours disruption. When you consider that fixing the damage from a ransomware attack is likely to cost £1000s, reasonable preventative measures like this only need to block one attack to pay for themselves many times over.

THE MOST IMPORTANT THING YOU CAN DO…

We cannot stress enough how important it is that you have a comprehensive, tested and working backup. Even with all the correct preventative measures in place, chances are you will fall victim to a ransomware attack one day. So, having the ability to restore your system quickly and efficiently will be the one thing that saves you. Our advice is to ensure you have the following:

  1. A backup system that includes a complete copy of your essential servers and machines. A full image backup of a server should enable you to restore your systems quicker, cheaper and with reduced risk of data loss through accidental backup oversight.
  2. Regular manual checks every week to make sure your backup is completing successfully. Even automated emails reporting on the success of a backup can get it wrong. By having a technically capable person check your backup, it will be far less likely that you find it hasn’t worked when you need it the most.
  3. Regular test restores every 3 to 6 months. A backup that fails to restore is no use to anyone. Do not wait until you need to restore files before you test that it works. This includes doing a full system restore to prove your complete disaster recovery plan.
  4. A backup system that stores data offline and/or offsite. This is essential because ransomware can spread to your backups when they are connected to a server that becomes infected. As such, you want to make sure there is a barrier between your system and the backup data, e.g. they are disconnected from the server. Likewise, having a copy offsite will help in this respect as well as against flood and fire.
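An added example, not part of the original article: a way to make the test restore in step 3 measurable by comparing every restored file with a SHA-256 manifest written at backup time and kept with the offline copy from step 4. The function names and the paths in the usage lines are assumptions of this example.

```powershell
# Added example. Paths in the usage lines at the bottom are placeholders.

function Get-HashManifest {
    # One record per file: path relative to $Root plus its SHA-256 hash.
    param([Parameter(Mandatory)][string]$Root)
    $rootPath = (Resolve-Path -LiteralPath $Root).ProviderPath.TrimEnd('\')
    Get-ChildItem -LiteralPath $rootPath -Recurse -File -Force | ForEach-Object {
        [pscustomobject]@{
            Path = $_.FullName.Substring($rootPath.Length + 1)
            Hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
}

function Test-RestoredData {
    # Compares a restored folder with the manifest written at backup time.
    param(
        [Parameter(Mandatory)][string]$ManifestFile,
        [Parameter(Mandatory)][string]$RestoreRoot
    )
    $restored = @{}
    Get-HashManifest -Root $RestoreRoot | ForEach-Object { $restored[$_.Path] = $_.Hash }

    $expected = @(Import-Csv -LiteralPath $ManifestFile -Encoding UTF8)
    if ($expected.Count -eq 0) { throw "Manifest '$ManifestFile' is empty." }

    foreach ($entry in $expected) {
        if (-not $restored.ContainsKey($entry.Path)) {
            [pscustomobject]@{ Path = $entry.Path; Problem = 'Missing from restore' }
        } elseif ($restored[$entry.Path] -ne $entry.Hash) {
            [pscustomobject]@{ Path = $entry.Path; Problem = 'Content differs' }
        }
    }
}

# 1. Immediately before the backup runs (keep the manifest with the offline copy):
# Get-HashManifest -Root 'D:\Shares' |
#     Export-Csv -LiteralPath 'E:\Offline\manifest.csv' -NoTypeInformation -Encoding UTF8
#
# 2. After restoring that backup to a scratch location:
# $problems = @(Test-RestoredData -ManifestFile 'E:\Offline\manifest.csv' -RestoreRoot 'R:\RestoreTest')
# if ($problems.Count) { $problems | Format-Table -AutoSize } else { 'Restore verified.' }
```

Files that changed between writing the manifest and the backup snapshot will show as "Content differs", so write the manifest during a quiet period.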

Would your company benefit from this proactive and savvy IT support from a company that puts your needs first? Just get in touch to see how we might be able to help you achieve similar gains with your ongoing IT requirements. Please give our Office 365 experts in our Bristol UK office a call on 0117 9118808 or inquire for help here.