Ransomware
If you haven’t heard of ransomware by now, then you really should have. It’s an industry-wide problem that is getting worse and causes all manner of disruption. Ransomware programs encrypt your data and then demand a ransom for the key to decrypt it; however, reports vary on whether paying the money will actually get your data back.
The main issue with ransomware is its pervasiveness. Not only will the data on the PC where the attack occurs be encrypted, but any mapped drives will likely be affected too. That means even if the data is on another machine (server), it can be encrypted. In addition, as the encryption counts as a change to the file, those newly encrypted files will be uploaded to your backup as well, so the latest backup version is also encrypted.
So how do you avoid becoming a victim?
Backup
Make sure you have a backup which includes multiple versions of files. I have mentioned this as the first step because if you don’t have a backup, you won’t get your data back. And if that data is mission-critical then your business will be at risk. I’ve already mentioned that the latest version of your backup will include the encrypted files, so it is vital that you have earlier versions of files included in the backup. These ‘good’ versions of the files can then be restored.
User Education
Ransomware works through a file being run on the affected PC, which then proceeds to encrypt files. This usually takes time and involves the files being given a strange file extension and, more often than not, an extra file appearing in every folder explaining how to pay the ransom - this will have an obvious title like ‘ENCRYPTED FILE RECOVERY’. Users should be alert for this kind of indication and also for PCs which are constantly busy and churning away to themselves. If discovered, switch them off immediately.
But first and foremost, users should never open any file they aren’t certain about. If there is any doubt, attachments should be deleted. If it’s important, the sender will contact you by other means, so don’t be tempted to open it. Once you do, the encryption will have begun.
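The warning signs described above (an unfamiliar extension on most files and the same extra file in every folder) can also be checked for automatically on a shared drive. The following is an added example, not part of the original article; the function names, thresholds, allow-list of extensions and the ".locked" extension are all assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

# Assumed allow-list of extensions this business normally uses (adjust per site).
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".jpg", ".txt"}

def scan_share(root, min_folders=3, note_ratio=0.8, ext_ratio=0.5):
    """Return (suspected_note_names, suspected_extensions) for a folder tree."""
    name_folders = Counter()  # file name -> number of folders that contain it
    ext_files = Counter()     # extension -> number of files carrying it
    folders = total = 0
    for _dirpath, _dirs, files in os.walk(root):
        if not files:
            continue
        folders += 1
        for name in {f.lower() for f in files}:
            name_folders[name] += 1
        for f in files:
            ext_files[os.path.splitext(f)[1].lower()] += 1
            total += 1
    # Sign 1: the same file name turns up in (nearly) every folder.
    notes = sorted(n for n, c in name_folders.items()
                   if folders >= min_folders and c / folders >= note_ratio)
    # Sign 2: an extension outside the allow-list covers most of the files.
    exts = sorted(e for e, c in ext_files.items()
                  if e and e not in KNOWN_EXTENSIONS and c / total >= ext_ratio)
    return notes, exts

def build_sample_tree(root, encrypted):
    """Constructed sample data: three folders of empty office files."""
    for i, folder in enumerate(("accounts", "hr", "projects/2024")):
        path = os.path.join(root, folder)
        os.makedirs(path)
        for doc in (f"report{i}.docx", f"budget{i}.xlsx", f"scan{i}.pdf"):
            name = doc + ".locked" if encrypted else doc  # ".locked" is made up
            open(os.path.join(path, name), "w").close()
        if encrypted:
            open(os.path.join(path, "ENCRYPTED FILE RECOVERY.txt"), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_tree(share, encrypted=True)
        print(scan_share(share))
```

Run on a schedule against a file share, a non-empty result is a prompt to investigate and isolate the affected PC; it only reads file names and does not touch file contents.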
Plan for Disruption
Assuming the worst happens, but you have a good set of backup files, it will still take time to recover from a ransomware attack. The infected PC will need to be reloaded and all your data restored from the backup. The data restore itself will take hours, possibly the best part of a day, depending on the amount of data. There will inevitably be a short time afterwards when various items need to be re-installed or re-configured to suit the user. All of this results in disruption and is part of the process. Forewarned is forearmed.
In summary, there is no doubt a ransomware infection is painful and disruptive. It is far better to avoid infection, but if the worst happens, a good backup is vital.