How to Fight a Ransomware Attack

It can strike at any time.  One minute you are working on your computer and the next your computer is behaving strangely, and you can’t open your files.  You look into a folder and see your files with altered file names.  You look in other folders and see the same thing.  You try opening Word files, Excel files, pictures, QuickBooks… nothing is working correctly.  You reboot your computer because that seems to be Microsoft’s solution to most problems.  But not this time.  This time, rebooting solves nothing.

You might see a message pop up on your screen informing you that your files have all been encrypted.  You might see a file that appears in every folder and when you open it, you will be informed of the attack.  What’s happening here is that malicious software has attacked your computer and it has encrypted many, if not all, of your documents.  The only way to decrypt these files to make them usable again is to get a decryption key.  The only way to get a decryption key is to pay a ransom to the perpetrator of this attack.  And the perps ask for payment in cryptocurrency, like Bitcoin, which would be untraceable.  It’s like leaving a bag of unmarked cash bills on a park bench for them to pick up.
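For an IT help desk, the two symptoms described above (one unfamiliar file repeated in every folder, and documents whose names have been altered) can be checked across a whole folder tree in seconds. The script below is an added example, not part of the original article; the function name `triage`, the extension list, the housekeeping list and the thresholds are assumptions to adjust for your own environment.

```python
import os
from collections import Counter

# Assumption: document types worth watching; extend the set for your own data.
DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".qbw"}
# Housekeeping files the operating system itself drops into many folders.
BENIGN = {"desktop.ini", "thumbs.db", ".ds_store"}

def triage(root, min_dirs=3, renamed_share=0.5):
    """Look for both symptoms by file name only; no file is opened or changed."""
    per_dir = [{f.lower() for f in files}
               for _dir, _subdirs, files in os.walk(root) if files]
    total_dirs = len(per_dir)
    seen_in = Counter(name for names in per_dir for name in names)
    # Symptom 1: the same file sitting in every folder that holds files.
    notes = sorted(n for n, c in seen_in.items()
                   if total_dirs >= min_dirs and c == total_dirs
                   and n not in BENIGN)
    # Symptom 2: documents whose usual extension is followed by a new one,
    # for example budget.xlsx.<something>.
    appended = Counter()
    documents = 0
    for names in per_dir:
        for name in names:
            if name in notes:
                continue
            stem, last = os.path.splitext(name)
            inner = os.path.splitext(stem)[1]
            if last in DOC_EXTS:
                documents += 1          # name still looks normal
            elif inner in DOC_EXTS:
                documents += 1          # real extension buried under a new one
                appended[last] += 1
    ext, hits = appended.most_common(1)[0] if appended else ("", 0)
    share = hits / documents if documents else 0.0
    return {
        "note_candidates": notes,
        "appended_extension": ext,
        "renamed_share": round(share, 2),
        # Requiring both symptoms keeps ordinary folders from raising alarms.
        "suspicious": bool(notes) and share >= renamed_share,
    }

if __name__ == "__main__":
    print(triage(os.path.expanduser("~/Documents")))
```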

Should you pay the ransom to get your files back?  Probably not.  Ideally, you have everything backed up.  Then it is just a matter of removing the virus and restoring the files from backup.  Removing the virus might be simple and straightforward or it might be difficult.  Sometimes, it can require a complete reformat of the computer to ensure that it is, in fact, clean.

But what if you do not have adequate backups of your files?  Should you pay the ransom then?  Let’s think about it.  The ones who have perpetrated this attack on you are criminals.  What is the likelihood that said criminals will keep their word and deliver the decryption key to you following your ransom payment?  What recourse would you have if you sent the ransom and then they didn’t help you decrypt your files?  And, if you do pay the ransom and they do provide the key, what is stopping them from hitting you with another ransomware attack?  The next attack might demand thousands instead of hundreds of dollars.  You will have proven to them that you are a good source of income.

What is the cost of such an attack?  For some businesses, it amounts to a big inconvenience.  This is the best-case scenario.  For other businesses, the loss of all their files and documents could prove fatal.  If they are in a regulated industry and they lose their records or if they are required by their industry or best practices to retain records for litigation purposes, they might have no other choice but to discontinue operations.

In the ransomware game, your best offense is a great defense.  You need timely, secure, and offsite backups.  You need updated and effective antivirus/security software.  No security package will recognize and block all attacks, especially attacks by brand new viruses (“zero-day attacks”).  A zero-day attack is malicious software in its first day in the wild, before the security companies have figured out what it is and how to recognize and remove it.  But better to stop almost all attacks instead of stopping none of them.  You need your systems regularly updated to give you the best chance of blocking the latest threats.  Maybe you need a stronger firewall that will stop threats from entering your network.

It is a multi-layered approach that keeps your data and documents the most secure:  protect your network with a solid firewall and a secured wireless network (“wifi”).  Protect your computers with timely Windows updates and strong antivirus/security software.  Protect your data and documents with regular backups that are stored either in the cloud or offsite.  Secure the services of a competent IT help desk to guide you through the preparations and recovery.  Training for all your staff on safe computer practices and how to spot and avoid phishing and other fraudulent activity will also help to keep the network and computers secure.

It can be expensive.  But which costs more?  Losing all your files or building a secure infrastructure that allows you to recover from such attacks?  Contact Landau Consulting to learn about our IT services including network and computer security services.