How to Deal With Ransomware

September 6, 2016 by Lore Operation Team

Imagine turning your company’s PC on one morning only to find all of the data inaccessible. A warning pops up on the screen that you must pay $10,000 if you want to recover the lost data.

This scenario seems unbelievable, but it’s happening more and more every day. Kevin Haley, Symantec Security Response’s director of project management, says there have been approximately 4,000 ransomware attacks per day in 2016. This is a 300% increase from 2015.

Not only has the number of attacks increased, but companies are also being asked to pay more money to release their data. Hollywood Presbyterian Medical Center had to pay $17,000 to hackers. MedStar Health in Columbia, Maryland had to pay $19,000 to have their data decrypted.

Ransomware: Why You Need to Be Concerned

Ransomware is malware, but unlike other malware that steals confidential information or people’s identities, it encrypts all system data, making it inaccessible and unusable. A company is unable to access or decrypt the data until it pays the ransom amount. Some of the most well-known ransomware attacks go by the names:

  • CryptoLocker
  • Locky
  • CryptoWall
  • Winlocker

As hackers become more intelligent and their programs more sophisticated, more advanced ransomware attacks will arise. Recently, a new type has been identified called Master Boot Record (MBR) ransomware. This form of ransomware doesn’t allow the operating system to boot up. A “ransom note” is displayed on the screen during the booting process, and unless the directions are followed, the computer remains locked. The two most popular versions of this type of ransomware are Satana and Petya.

IT security experts report the best way to deal with ransomware is to prevent ransomware. Robert C. Covington from ComputerWorld says, “Bottom line: The best cure for ransomware is diligent prevention. Once you are infected, your options may be limited, expensive and unpleasant.”

Preventing Ransomware

A complete, reliable backup plan is the only way to prevent ransomware. Restore points are ineffective. The only way to recover a computer’s data without turning to hackers is to have a backup to restore a computer to its pre-attack functioning.

While backup can bring back data quickly, it’s best that hackers not be able to access a computer’s data in the first place. A good way to do that is to restrict mapped drives. All server drives should be mapped to authorized users. This will keep unauthorized users (hackers) from accessing the PC.

Read-only folders can also decrease the risk of ransomware. Read-only folders are unable to be altered, which keeps hackers from putting files into the PC that will encrypt data.

Backing up, restricting mapped drives, and making folders read-only are not just for on-site computers and servers. It’s also important to protect cloud drives. According to Krebs on Security, cloud drives are susceptible to ransomware, and with more companies using them for data storage, an attack can be incredibly damaging.
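
To measure how much a single compromised account could encrypt, the check below (an added example, not part of the original post) probes which folders under the given mapped or synced drives accept new files. The function names and the depth limit are assumptions made for illustration; run it as the ordinary user whose exposure is being measured.

```python
import os
import sys
import tempfile


def can_write(directory):
    """True if the current account can create a file in `directory`.

    A real create-and-delete probe is used because permission bits alone
    do not reflect the ACLs that apply on network shares.
    """
    try:
        with tempfile.TemporaryFile(dir=directory):
            return True
    except OSError:
        return False


def audit_write_exposure(roots, max_depth=2):
    """Sort folders under each root into writable, read_only, unreachable."""
    report = {"writable": [], "read_only": [], "unreachable": []}
    for root in roots:
        if not os.path.isdir(root):
            report["unreachable"].append(root)
            continue
        base = root.rstrip(os.sep).count(os.sep)
        for current, dirs, _files in os.walk(root):
            depth = current.rstrip(os.sep).count(os.sep) - base
            if depth >= max_depth:
                dirs[:] = []  # stop descending below max_depth
            key = "writable" if can_write(current) else "read_only"
            report[key].append(current)
    return report


if __name__ == "__main__":
    # Pass mapped drives or sync folders as arguments (hypothetical: Z:\ S:\).
    found = audit_write_exposure(sys.argv[1:])
    for status in ("writable", "read_only", "unreachable"):
        for path in found[status]:
            print(f"{status:12} {path}")
```

Every folder listed as writable is one that ransomware running under that account could encrypt, so the list is a starting point for tightening share permissions.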

What to Do When Ransomware Attacks

When there is a ransomware attack, it’s important to handle it correctly. Companies have been scammed. Paying the ransom amount does not always guarantee the data will be decrypted or released. To ensure data is released, it’s important to ensure the exchange of money and data is definite.

Jason Glassberg, the cofounder of the security firm Casaba Security, says the first step is to let law enforcement know about the attack. Even though the ransom is a technological one, and law enforcement may not be able to do much, it is still wise to make them aware of the crime. The next step is to turn the infected computer off as soon as possible, and disconnect it from the network. It is possible that one infected computer can attack all other computers on the network. It’s much easier to recover data from one computer than 100 or more computers.

Once the attack has been isolated, a decision needs to be made about paying the ransom. If there is a backup of the data, you may not have to pay the ransom. This is the best choice. Glassberg points out, “Paying the ransom may not result in you getting your keys back. And you are also providing additional incentives for the criminal element to continue to build ransomware and make it more effective and helping it become an even bigger problem in the future.” With a backup, you can simply recover the lost data from the backup and move on with the knowledge that ransomware attacks can happen and will likely happen again, making prevention a critical next step.

If there is no backup, paying the ransom with the hope the hackers will release the data may be the only choice. This will be an expensive lesson and a strong motivation to implement a prevention program, so this type of cyberattack does not occur again.

For more information on what to do about a ransomware attack or how to prevent one, contact us today.