In a 3-day customer survey taken in late 2016, Redstor found that over 100 end-users had, within the last 6-8 weeks, had to recover from Ransomware attacks; these organisations included schools as well as small-medium businesses and enterprises (SME/SMBs). Ransomware has been a rapidly growing challenge in 2016, but what is ransomware and how can you protect your organisation from it?

Some common / well-known strains of Ransomware include:

• Cryptolocker
• Cryptowall
• Popcorn Time

Ransomware has been around for over a decade although it was not until 2013 that ransomware become big news with the arrival of Cryptolocker. Ransomware strains all have commonalities; they make your data inaccessible through encryption. To regain access, you will have to pay a ransom within a set time period.

How should I protect against Ransomware?

Data protection is an important step in the fight against Ransomware and to successfully protect against it we must understand where it comes from and how it can infect us.

1. Spam Mail. Everyone at some time has opened their inbox to see unwanted mail or content that has been missed by filters. Some of these mails can look legitimate and may even come from an email address that looks recognisable. However, links and attachments could contain a strain of ransomware waiting to be accessed in order to infect your machine, and in time infecting your entire network.
2. Infected Drives. Situation, you find a USB key, it’s seemingly harmless, you recognise the company logo embossed on it, would you plug it in? Perhaps in an attempt to return it to its rightful owner? By this point in time it could be too late, an act of kindness or intrigue has left a very sour taste in your mouth as your data is encrypted in front of your eyes.
3. Trojan Horses. A Trojan Horse, unfortunately, is not a new method of infecting a machine or network with malware/viruses. In this method, the user downloads and installs an innocuous looking piece of software. Unbeknownst to the user, ransomware is hidden within the software and their device is now infected.
4. Compromised Webpages. These are the webpages that spam mailers are likely to link to, but they could also be found browsing the web. Sometimes simply visiting the webpage is all that is required. Once this page is reached, it’s likely that a file will be silently downloaded and the virus will begin to encrypt data – these files could sit dormant for some time in an attempt to ensure that recovering a system to a date before the infection occurred is is more difficult.

Diligence is key. Ransomware is evolving quickly and there will be new sources and efforts to infect users and networks moving forwards in 2017. Educating users about the dangers and possible sources of ransomware could be one step to help prevent it. Simple reminders such as: ensuring users check sources when downloading or accessing information, updating spam filters and being wary of emails from unknown addresses, could help.

What happens once I’ve been infected? Is data recovery possible?

If you’ve been infected by ransomware, there are really only 3 options.

• Pay the ransom and trust that your data will be decrypted and that you will not be hit again.
• Do not pay the ransom and after a period of time, usually 24 to 48 hours, your data will be gone forever.
• Recover your data from your last backup and keep working. Sounds simple doesn’t it?

Backup before it’s too late

Having an active off-site backup solution will ensure that there are uninfected copies of data that can be restored. An onsite backup may be able to help but if the infection spreads to this local copy then that too is going to be inaccessible. Implementing a new backup solution is no use if data is already infected – a backup may be able to take place but the restore won’t be able to get round the encryption that’s already there.

You can find out more about how Redstor can help protect your data against ransomware here.