Here’s a nightmare scenario for you. Show up for work on a Monday morning to discover you’re locked out of all business systems. You’re infected with ransomware. No-one can work. Even worse, an anonymous creep is demanding payment in Bitcoin or Monero, which you probably don’t have. Where do you start and what do you do?
While it might not be you today (thank your lucky stars), it definitely could be. Plenty of Kiwi companies have experienced this waking nightmare; in fact, ransomware is rapidly becoming one of the most prevalent forms of malware, according to BitSight. Names like WannaCry and NotPetya should be familiar to most.
Where ransomware is concerned, prevention is always a lot better than cure. Actually, that goes for any information security compromise.
But before getting to ‘what to do’, a definition. Ransomware is the unvarnished ugly face of cybercrime. It arrives by email attachment or a tempting link or any one of a number of subtle social engineering ways to inveigle code onto your computers. Then it encrypts hard drives and sends you a message, attempting to extort money.
Getting into prevention requires an overview of how to, more generally, secure your information systems; we’ll deal with that after looking at how to get out of a ransomware pickle.
Dealing with ransomware
Firstly, do not pay the ransom. Paying a blackmailer might make them go away, but for how long? The attacker is already in. Even if they were to decrypt your files, how long until they locked them down again? Furthermore, if anyone pays the ransom, it encourages more attacks. If no one paid, there would be no reason to create the ransomware.
Secondly, get help immediately. Far too many businesses make it into a third day of business disruption before asking for help.
The general priority for dealing with malware is: containment, identification, notification, cleaning.
A simple and sound prevention strategy
Think of security, and all systems, as a three-legged stool. Those three legs are People, Process and Technology. Take just one out and the stool is perhaps only suitable for a clown: it’s going to tip over, except unlike in the hands of a circus entertainer, the spill won’t be funny.
For a secure computing environment, then, all three legs must be sound.
Note that antivirus software, while necessary, is far from sufficient: it barely makes the list. If you’re pinning your hopes of security on an antivirus subscription, you may find yourself coming up short.
Regular reminders of security and continuous user education are the only approach to reinforcing this aspect.
An example might be requiring any payment requests, or change of bank account details, to be done telephonically rather than by email. The simple fact is that an ‘email from the CEO’ could be from anyone (spoofing). It’s harder to impersonate someone on the phone.
Note, however, that even with all three legs solidly in place, there’s no guarantee that you won’t be infected or targeted. Expect a compromise – and know what to do should it eventuate.