5 Defense and Recovery Tactics to Protect Your Business from Ransomware

If you’ve never heard of ransomware, the thousands of attacks that have been reported over the past year—as many as 4000 per day across the country, including here in Florida—should be an indication that it’s time to start self-educating to protect your Miami business.

The first several weeks of 2017 have been no different, and in fact, ransomware and IoT-enabled hacking trends may just mark the beginning of what’s on the horizon for the year. As seen from incidents at small-town operations like the Cockrell Hill Police Department in Texas, which recently recorded in a statement that they had lost a significant amount of evidence gathered since 2009, to much larger institutions like the St. Louis Public Library, where patrons were unable to check out books from any of its 16 locations or access any of the library’s 700 computers over a four-day period in late January, hackers seem to be growing indiscriminate in their use of these malicious programs. Recent developments have also shown that, in addition to infiltrating PCs across the globe, cyberpunks have begun to set their sights on other electronic devices, such as Android smartphones and smart TVs.

Are you paying attention yet?

All of this information is not meant to scare you, we promise. However, since the best way to safeguard your business’s information and ensure business continuity is to be proactive in your defenses, if this post convinces you to increase your security and educate yourself on malware defense tactics, then we will have done our job. Continuing with that line of thought, here is what you need to know about ransomware and how to protect your business from infection.

Ransomware

As the above articles describe, ransomware is a form of malware that “locks down” your computer system by encrypting your documents, videos, and pictures, making files and operations inaccessible until the malicious software is removed or a ransom is paid. Instead of displaying that expense report or employee file, your screen will display an electronic ransom note with instructions for how much and where to make a deposit. The wording of the ransom note depends on which malicious program has infected your computer, but they all have the same goal—to extort money. For context, here is the ransom note displayed by Locky, the ransomware that attacked the Cockrell Hill PD system:

“!!! IMPORTANT INFORMATION !!!

All of your files are encrypted with RSA-2048 and AES-128 ciphers. More information about the RSA and AES can be found here:

http://en.wikipedia.org/wiki/RSA_(cryptosystem)

http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Decrypting of your files is only possible with the private key and decrypt program, which is on our server. To receive your private key follow one of the links:

If all of this addresses are not available, follow these steps:

1. Download and install Tor Browser: https://www.torproject.org/download/download-easy.html
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: g46mbrrzpfszonuk.onion/
4. Follow the instructions on the site.

!!! Your personal identification ID: xxxxxxxxxxx !!!”
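During incident triage, a note like the one quoted above helps show which folders were hit. The following is an added example, not part of the original post: it sweeps a directory tree for text files containing at least two phrases from that note. The file names, the threshold of two, the read limit and the sample tree are constructed assumptions.

```python
import os
import re
import tempfile

# Phrases from the note quoted above, plus a generic 16-character .onion host.
NOTE_MARKERS = [re.compile(p, re.I) for p in (
    r"!!!\s*IMPORTANT INFORMATION\s*!!!",
    r"RSA-2048 and AES-128",
    r"personal identification ID",
    r"\b[a-z2-7]{16}\.onion\b",
)]
MAX_READ_CHARS = 64 * 1024  # assumption: notes are short, so read only this much


def note_score(text):
    """Count how many distinct markers appear in text."""
    return sum(1 for pattern in NOTE_MARKERS if pattern.search(text))


def find_ransom_notes(root, threshold=2):
    """Map each directory under root to the note-like files found in it."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    text = fh.read(MAX_READ_CHARS)
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
            if note_score(text) >= threshold:
                hits.setdefault(os.path.relpath(dirpath, root), []).append(name)
    return hits


def demo():
    """Sweep a constructed sample tree: one note, one harmless memo."""
    samples = {
        "shared/note.txt": "!!! IMPORTANT INFORMATION !!!\nAll of your files are "
                           "encrypted with RSA-2048 and AES-128 ciphers.\n",
        "clean/memo.txt": "The VPN uses RSA-2048 and AES-128.\n",  # one marker
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return find_ransom_notes(root)
```

Requiring two markers keeps ordinary documents that merely mention the ciphers out of the result, as the constructed memo shows.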

 

If your network is infected, you can opt to pay the ransom, which can range from hundreds to thousands of dollars. However, even if you have the money in your budget to make the payoff (the FBI recommends that you never pay the ransom), there is no guarantee that those holding your information hostage will make good on their word—they are criminals, after all. The other option is manual removal, which can take days or even weeks if you have to wipe and rebuild your entire system from the ground up.

Ransomware Defense and Recovery Tactics

Because of the costs that add up from loss of business and computer repair, you want to do everything you can to avoid being infected by ransomware. Read on for actionable steps that you and your team can take to keep your business safe from these malicious programs.

Educate Yourself and Your Team

Just one click is all it takes to allow a malicious program into your system. Once the ransomware infects one machine, it can easily spread to the rest of your operation. To strengthen your first line of defense, take some time to educate your team members about how to recognize suspicious emails and links. If you need help with keeping your team up to date, contact an expert.

Update Your Antivirus Software

Cyber-terrorists are constantly updating their programs, and that means that new editions of ransomware may skirt detection if your antivirus systems are not up to date. You can easily set whatever antivirus software you use to update automatically. To be even more thorough, run periodic scans to keep your system running smoothly.

Avoid Public Networks

If you have any mobile team members or if you issue company devices, make sure to be explicit about how and where they are to use them. Public networks are easily compromised, so it is best not to use them with devices that are regularly connected to your company network.

Make Use of Privileged Accounts

If your team members do not have the ability to install new programs on their workstations, then they can’t accidentally install ransomware or other malware. Grant installation rights only to those who need them.

Back Up Your Data

Backing up your data every day is the best way to ensure a smooth recovery process in the event of a ransomware attack. It is recommended that you store all critical business and client information offline or on a separate server.

We hope that you find these strategies useful.

If you have questions or concerns about the security of your business, we are glad to get on a call with you to help you determine the best way to protect your business from threats like ransomware.

February 6th, 2017 | Security

About the Author:

Emilio Diaz
As the founder of nQuery Communications, Emilio Diaz uses his 25+ years of experience in the technology business to help build cost-effective communications and technology solutions for businesses, nonprofit organizations, and government institutions. His experience as an innovative technology entrepreneur and a long-term business owner gives him intuitive insight to help boost productivity and maximize future growth. You can reach Emilio at emilio@nquerycommunications.com or call 305-910-2324.
