Protect Your Company’s Data against Ransomware
Unless you’ve been living under a rock, you have probably heard or read about ransomware, but you may not know exactly what it is. If you aren’t familiar with the term, consider yourself fortunate, because that means you haven’t been victimized, at least not yet. Don’t wait to become the victim of ransomware to discover how dangerous it is. Take concrete steps now to protect your company’s data.
What Is Ransomware?
If you’ve been attacked by ransomware, you’ll know it immediately. A message demanding payment, which often runs into hundreds of dollars, is displayed prominently on your computer screen. In many cases, the message sets a deadline; if it isn’t met, you will lose access to your files for good.
There are three basic categories of ransomware: scareware, lockscreen malware and file encryption malware. All three inhibit (or prevent) your ability to use your computer or access its files. Of the three, file encryption malware is the most malicious.
- Scareware: Scareware is a scam that displays a phony warning to the victim that his or her computer has been infected with a virus, with instructions to click a link to download software to “clean” the system. In fact, there is no virus. Instead, the link activates malware, which then infects the victim’s computer.
- Lockscreen Malware: Lockscreen malware completely locks the victim’s system, substituting a full-screen display in the form of a fake “government” warning that the user has violated some regulation. The warning states that the victim must pay a fine to restore access to his or her system.
- File Encryption Malware: File encryption malware literally encrypts files on a victim’s computer. The attacker demands ransom – often in the form of Bitcoin, an electronically generated type of “currency” – to supply the victim with a “key” to unlock his or her files.
Protection against Ransomware
Following common sense safe computing practices can go a long way in protecting your company’s data from ransomware attacks. For instance, don’t click on suspicious links in email messages. Scan attached documents before opening them. Avoid surfing sketchy websites or downloading questionable files.
In addition, every computer used by your company (including your workers’ home computers) should be protected by anti-virus and anti-malware software plus a firewall. This software (as well as the OS for each computer) should be regularly updated. Workers who access company files from home should use an Ethernet or secure Wi-Fi connection. A virtual private network (VPN) adds an extra layer of protection when accessing files outside the company’s network. Limit access to critical files to workers who absolutely must have them.
Of course, no prevention system is foolproof. The ultimate protection is ensuring access to your files even if you are attacked by ransomware. Data and files should be backed up regularly – on an in-house backup system that is NOT connected to the company’s network, or in the cloud. Keeping multiple copies of your backup in different locations is highly advisable.
Recovery from a Ransomware Attack
If you’ve been attacked by ransomware, the first step is to disconnect from the Internet immediately. (If your company has multiple computers connected to a network, disconnect all of them and perform antivirus scans immediately.) If you’re lucky, you may stop the ransomware attack. Self-help guides from sites such as Bleeping Computer or Bitdefender may allow you to regain access to your computer’s files without paying the ransom – use them at your own risk.
Whether or not you attempt to remove the ransomware, clean your computer. Running an antimalware program like Malwarebytes from Safe Mode is sometimes sufficient to do the job. Another option is to try to roll back your computer’s system to an earlier time (before the ransomware infection). A third option is to attempt to run a virus scan program from a bootable disc or thumb drive. After the computer has been cleaned, run a complete virus and malware scan to ensure that there are no remaining vestiges of malware, viruses or Trojans.
If all else fails, performing a factory restore will execute a low-level reformat of your computer’s hard drive. This will remove the malware, but you will need to re-install your computer’s operating system (OS) and restore your files and other settings. Of course, this assumes that you have access to your computer’s OS and backups of your files. If you don’t, recovery will be much more difficult – and may be impossible.
Finally, if you or your company is attacked by ransomware, contact the Department of Homeland Security, the local FBI Field Office or the Secret Service Field Office. Doing so can help track down the attackers and prevent them from attacking again.
What’s not recommended? Paying the ransom. First, there is no guarantee that the attacker will actually restore access to your computer or files even if you pay up. Second, paying ransom encourages future attacks on your system or against other victims.
If You Don’t Have a Backup
If you don’t have a backup for your hard drive or network data, you may still be able to recover your files after cleaning your system – if your system was attacked by scareware or lockscreen malware. Chances are your files have been “hidden.” Check the help function on your computer’s OS for instructions on how to restore hidden files. Another possibility is to attempt to access previous versions of your computer’s files. Neither of these strategies should be counted on to substitute for a backup, however.