Ransomware is costing my business a fortune so here are some tips to help you avoid it.
Right now the biggest unnecessary cost to my business is cleaning up after ransomware has hit one of our fully managed clients. Our fully managed clients pay us a fixed price for their IT services and we carefully assess risk and effort required to look after our clients and then effectively insure them from the cost of IT maintenance and support with an all-you-can-eat fixed price model. This for the time being, includes cleaning up after a virus or ransomware has struck them so we bear the cost of it.
At the moment we are seeing multiple attacks every week and each one has a serious impact on our client’s business and a similar impact on our time cleaning it up.
We have again seen recent graphic emails that look like a delivery notice from Australia Post with a link for tracking delivery.
Earlier versions of Crypto Locker Virus have been cleaned up as a result of keys being released but don’t let that lull you into a false sense of security. There are new versions being created regularly that are a serious threat to your data.
I have written about these type of attacks previously as far back as almost a year ago but the frequency of attack is increasing not decreasing.
When these attacks occur it is usually because a person at a PC failed to observe the danger signs and executed the code. The virus then encrypts local data on the hard drive and anything it can access on network drives, potentially your entire company’s data.
So here are some tips on how to avoid being tricked by the latest round of these nasties:
1. When you receive an email with a link or a button to click check who it was sent from, hover over the link and see if you recognise the url that pops up or appears in the bottom corner of your screen. For example, this one says mywebsite.com.au but if you hover over it you will see something else. Don’t worry this one is OK to click on, but many are not even if they appear to come from someone you know.
2. Be very cautious of emails with attachments. You must avoid clicking on an attachment with a funny extension such as .zip or .exe or .php or others. If not sure check before opening.
3. Keep all your devices up to date with software patches PCs, servers, phones, tablets, networking kit, applications and operating systems.
4. Do not surf the internet while logged onto a server or PC with an administrator level account. You can have a user account with limited permissions so applications such as Trojans and viruses cannot run and install themselves. Best still for server administrators to do your surfing from a PC rather than the server console.
5. On any PC or server with internet access run current versions of antivirus software and ensure they are updated throughout each day. Many of these threats can be detected but not all of them, so it still pays to be aware.
6. Advanced Firewall tools can also be used to stop viruses connecting with their source on the web which in some cases will stop them from executing. There are tools that can block the encryption methods but they tend to be very expensive and are not yet 100% reliable. In time they will become accessible technology.
7. Using advanced backup solutions that take regular snapshots of data throughout the day will not stop files from being corrupted or encrypted. However, should you be attacked by one of these threats it will allow you to clean up the hard drives affected and then restore a recent version of your data from before the damage was done.
8. Offsite backup is now a must have for every business from one person with a PC to global enterprises. Whether you carry home a tape or hard drive or have online backup is not important here. The key is that it needs to be taken away from your office every day and left off site for a period. It is no use planning to grab the data and run when an emergency strikes as it is likely already too late.
If you find your files have been encrypted do not attempt to pay the ransom. Call your IT people to clean up and restore from backup.
There is no safety in paying the ransom and it encourages more of the same behaviour. If you do not currently take the above steps for protection or do not know who you would call when you find you have been hit I strongly suggest you take action today to put counter measures in place and ensure you are ready to recover from a ransomware attack on your business.
You may be smart enough and educated enough to avoid them all but one of your team may not be. If you have counter measures in place, as our clients do, the impact will be a bit of downtime and a few hours of lost data.
If you do not have counter measures in place you could lose all of your data.
David Markus is the founder of Combo – the IT services company that is known for business IT that makes sense. How can we help?