How Ransomware Has Changed Business IT Security Forever
You’ve heard the term, probably know someone who has encountered it, and have likely narrowly missed infection yourself. Ransomware has permanently changed business IT security, and there’s no going back.
Definition of Ransomware
Let me take a minute to define ransomware and why it’s a problem. First off, anything with “ransom” in it tends to be bad and that’s the gist of these viruses. They want your money. Essentially the ransomware will encrypt your files and make you pay the ransom to get them unencrypted.
How strong is the encryption they’re using? Typical ransomware uses an algorithm called RSA 2048. On average, it is estimated that your desktop computer would take over 6 quadrillion years to crack the code. The moral of the story here is that once you’ve been infected, you have two options: pay and get your computer back, or don’t pay and start over.
How do I tell if I’ve been infected?
It’s pretty straightforward: the image to the right is an example of a ransomware screen.
If you see this screen, or have seen it in the past, then you understand the severity of the issue. The message may as well be a gun with a bad guy holding it. This is just another form of robbery.
So, who’s doing the robbing? Where do these bad guys live? Various reports have them coming from China, Eastern Europe, Turkey and many other locations. The reality is ANYONE can get in the business of being a cyber thief. All of the software and services necessary to become a cyber thief are available for purchase.
The reason so many people from so many places are getting in the business of being a cyber thief is easy – it’s working! According to the security firm KnowBe4, in early December 2013, after less than two months of infecting users with the ransomware virus “Cryptolocker”, four bitcoin accounts were traced that had received over $27,000,000 in transactions.
What if I have Ransomware?
What if I have Ransomeware?
Experts agree you have four options:
- Restore your files from a backup. The most effective and fastest solution.
- Try to Decrypt. Not a concrete solution, but may be worth a try in certain situations.
- Do Nothing. Don’t pay the ransom and wipe the computer. Never try to remove the viruses and then rebuild the computer. Wipe it clean then rebuild.
- Pay the ransom. If you MUST have the contents of the computer and don’t have a backup you might be forced to pay.
Option four is the last resort, and some experts consider it controversial. Their reasoning is that nothing will encourage more ransomware like success. To me it’s a math question: is the data you’ll lose worth the cost of the ransom? Recently the Hollywood Presbyterian Hospital paid $17,000 to decrypt files. To them, the downtime and potential for loss of data was worth the cost.
Prevention is the Best Approach
Now that we’ve established how and why these viruses are happening, let’s talk about prevention. At Computer Systems, Inc. we recommend and implement a multi-level approach. Here are some of the layers:
- The perimeter. You must have a security appliance that actively scans network traffic for infections.
- End Point Protection. A traditional anti-virus application doesn’t work anymore. The new generation of end point protection solutions is “watching” for threats like this.
- A reliable, image-based backup of company data. A backup with local and cloud-based copies of your data is a priority and will enable fast recovery from an infection.
- Management of these solutions. It is critical that someone is actively managing your network security for potential threats. End point protection, firewalls and applications need constant updates and monitoring.
- End user education. As much as we would like to be able to throw a padlock on the network and call it secure, we can’t. Educating users on what to look for in email phishing attempts, suspicious looking attachments, and spoofing email attempts is critical. Constant education is a must in today’s security environment.
Other actions that protect your system:
- Timely deployment of Microsoft updates
- Timely deployment of third-party software updates (Java, Flash, Adobe Reader, etc.)
- Proactively managed email filtering solution
- Vulnerability scanning
Finally, here at Computer Systems, Inc. we have devoted a significant amount of time and resources to developing security plans for our client networks. From an initial assessment all the way to testing your security and end users, we can improve your security and, in the end, save everyone time and money!