You know it is very bad news when you see the message above on your computer screen. That is what a crypto ransomware notification looks like. And if you’ve been following the news lately, you’ve certainly heard about how cities and local governments in Texas, Florida, Maryland and others have had to deal with cases of ransomware infections.
It all started out as an annoyance: you clicked on a link and ads popped up on your computer screen. Then it progressed to fake anti-virus scams that installed nag screens on your computer and tried to force you to pay to remove the nag screen.
Crypto Ransomware is a new form of virus attack that encrypts files, making them inaccessible, until money (a ransom) is paid to the people responsible for locking or encrypting the files.
Big picture? Think of your QuickBooks database, Excel spreadsheets that contain vital business data, the PowerPoint presentations that took countless hours to create, and on a more personal note, the pictures and videos you’ve painstakingly collected over the years. All gone, unless you pay a ransom to the cyber criminals.
The way it works is that a screen alert is displayed to the victim. These alerts often state that the user’s computer has been locked, or that all of their files have been encrypted, and then demand that a ransom be paid to restore access. This ransom is typically in the range of $100–$500 or more, and is sometimes demanded in virtual currency, such as Bitcoin.
How Does It Get On Your Computer?
Ransomware is typically spread through email scams called phishing emails. These are the emails with fake messages like “Invoice is Ready”, “Check Your Shipping Tracking”, “Payment Confirmation”, etc. that contain malicious attachments. Ransomware can also get on your computer through what’s called a drive-by download.
A drive-by download occurs when a user unknowingly visits an infected website and malware is downloaded and installed without their knowledge.
How Do They Get You To Click And Get Infected?
Quite simply, they create fear and panic in their victims with messages like:
“Your computer has been infected with a virus. Click here to resolve the issue.”
“Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine. Click here for an explanation”
“All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data. Click here for details”
When users see such a message, they panic and click on the link presented and become infected.
What Are The Effects of Ransomware?
An infection can have very negative consequences for a small business. For example, having the hard drive of the business owner’s laptop, or a network server, taken offline can lead to:
- Temporary or permanent loss of sensitive or proprietary information;
- Disruption to regular operations;
- Financial losses incurred to restore systems and files;
- Potential harm to an organization’s reputation.
A recent case in point is Hollywood Presbyterian Medical Center, which had no other choice than to pay almost $17,000 in ransom to hackers. The hospital tried to avoid paying the ransom, but after 10 days of computer paralysis, it succumbed to the demands of the cyber criminals to quickly rectify its deteriorating situation.
How Can You Protect Your Business Against Ransomware?
You don’t have to wait until you’re infected. There are steps you can take today to protect your business from crypto ransomware.
The United States Computer Emergency Readiness Team (US-CERT) recommends that users and administrators take the following preventive measures to protect their computer networks from ransomware infection:
- Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
- Maintain up-to-date anti-virus software.
- Keep your operating system and software up-to-date with the latest patches.
- Do not follow unsolicited web links in email.
- Use caution when opening email attachments. For information on how to protect against malicious email attachments, see our hosted email services.
- Follow safe practices when browsing the web.
What If You Get Infected?
- In the case of an infection, it is recommended that you unplug the infected systems from the network. This includes wireless devices as well.
- If you want to perform forensic analysis, a memory acquisition must be performed (if the system was not shut down and a shell is accessible) before the disk acquisition.
- In some rare cases, it may be possible to recover some files (e.g. shadow copies in Windows, forensic recovery or some weak encryption used by some crypto ransomware). You should not rely on such a possibility; instead, ensure that you have the proactive measures (as described above) in place.
- In case of infection, it may be better to reinstall the operating system from a clean installation source and restore the backups. Don’t forget to review the restored backup to ensure that there is no infection remaining.
- The general advice is never to try to contact the attacker and/or pay the ransom. Paying a ransom means that you will support the business model of cyber criminals.
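
One way to carry out the "review the restored backup" step above is to compare the restored files against a hash manifest recorded at backup time and kept offline with the backup. This is an added example, not part of the original article; the function names, the 7.5 bits/byte entropy threshold and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Relative path -> SHA-256 for every file under root (run at backup time)."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def head_entropy(path, size=65536):
    """Shannon entropy (bits/byte) of the first `size` bytes; encrypted data is near 8."""
    with open(path, "rb") as f:
        data = f.read(size)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def review_restore(root, manifest, limit=7.5):
    """Compare a restored tree with the manifest; limit is an assumed threshold."""
    current = build_manifest(root)
    report = {
        "missing": sorted(set(manifest) - set(current)),
        "unexpected": sorted(set(current) - set(manifest)),
        "changed": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
    }
    report["high_entropy"] = [p for p in report["changed"] + report["unexpected"]
                              if head_entropy(Path(root, p)) > limit]
    return report

def demo():
    """Constructed sample: a small 'backup' tree, then a tampered 'restore'."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("invoice.txt", "notes.txt"):
            Path(root, name).write_text("quarterly figures\n" * 200)
        manifest = build_manifest(root)
        Path(root, "notes.txt").unlink()
        Path(root, "invoice.txt").write_bytes(os.urandom(65536))  # stands in for encrypted data
        Path(root, "READ_ME.txt").write_text("constructed placeholder note\n")
        return review_restore(root, manifest)
```

Compressed formats such as ZIP or JPEG also score near 8 bits/byte, so a `high_entropy` hit on a changed or unexpected file is a prompt for manual review rather than proof of encryption.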