11 July 2016
In a nutshell, ransomware infects a computer when an attachment on a spam email is opened, or when a website tricks you into installing it. Once installed, it works its way through your file system encrypting your files, and leaves behind messages saying that if you want them decrypted you will have to cough up. When it has finished, it commonly pops up a screen message telling you what has happened, with a threat to pay up or else.
More recent forms of ransomware are becoming more aggressive: they include network drives, so an infected client can end up encrypting files on a server, and they delete any shadow copies from which your data could be recovered. Current ransomware encryption is now considered uncrackable. As such, your only options are to clean out the ransomware and restore everything from backups, or pay the ransom and hope that your files will be decrypted.
What should you do?
It doesn’t appear that you can rely on anti-virus / malware scanning to protect you as the signatures are evolving too quickly. An ounce of prevention is worth a pound of cure – as the saying goes.
Firstly, beware of emails with attachments from people you don’t know, emails with attachments you were not expecting to be sent, and links posing as invoices or other documents. Send your staff this information so they know what to look out for, and impress upon them the need to be careful and vigilant when it comes to opening emails.
Secondly, make sure you have good backups, including a set which is not on your computer or a network drive. This is your insurance policy, since if the backup also gets encrypted you will be stuck.
Talk to your QSP about off site backup options.