With several high-profile cases in recent news, the threat of ransomware is on the minds of many business owners. Ransomware is a type of malware (a program designed to cause harm) used by hackers to break into a victim’s data, encrypt it, and hold the information hostage until a business agrees to pay for the encryption key.
Cybercrime is on the rise, and experts warn that the ransoms that crooks demand are rising as well. It is a frustrating and expensive experience that none of us wants to face — and especially scary for small businesses who have already weathered a challenging year. But how does ransomware work? How can you prevent it? And what is the ransomware removal process?
Ransomware 101: How does it work?
Like other forms of malware, ransomware gets into computers through weak points in security: outdated software, weak (or missing) firewalls...and computer users. Often, users are tricked into downloading ransomware through phony websites and email phishing scams. Once these legitimate-looking attachments are downloaded and opened, criminals can access your data. We don’t want to scare you, but anyone can be a target — not just large businesses and governmental agencies.
Some kinds of ransomware are much worse than others.
The Little Barky Dog: “Scareware” — pop-up messages saying things like, “your computer is infected, call XXX-XXXX” — is usually more bark than bite. While it is annoying, your data is probably not actually at risk, and your antivirus software should take care of it.
The Mean Cocker Spaniel: This is another kind of ransomware that freezes your computer screen and restricts your access unless you pay the attacker. This malware targets a computer’s operating system (OS). In this case, ransomware removal is easier because nothing has actually been encrypted.
But the Big Bad Wolves of the ransomware world are encryption programs. These programs scramble your data so that you can’t access the information, and then they demand payment — and the hackers alone hold the encryption key.
How can I prevent a ransomware attack?
You can prevent ransomware and other malware with good general security habits:
- Keeping software and equipment updated
- Using a firewall and antivirus software
- Changing and using strong passwords
These smart practices can help, but your business needs an offensive strategy as well. An antivirus program will not be enough if you face off with the wrong kind of malware and you find your business in need of ransomware removal. Your MSP should take a proactive role in helping your business prevent malware attacks before they happen.
An effective offense strategy should include:
Vigilant data backup
Backing up your data takes much of the “bite” out of a ransomware situation. If you can still access your information through saved copies, the situation is much less of a crisis. Varay Managed IT has a specialized plan for disaster recovery to make sure you can access your essential information in a worst-case scenario. And if your data is in the cloud, it could be even more secure than it would be on a local server because of continuous backup and advanced security programs.
Often, malware gets into your system because someone “opened the door” to the firewall and let it in. Can your employees (and you!) identify a phishing scam? Are they trained to spot suspicious emails and not to open their attachments? Does your team understand the importance of using the VPN and two-factor authentication? Varay’s V-Secure Suite program provides security awareness training to help your team become a “Human Firewall” (or a “firewall that wears pants”). Varay also sends out regular 411 Emails for the purpose of helping clients understand the need for changes, software updates, and services. Cybercriminals look for easy targets, and training can help your business become cybersecurity savvy.
No antivirus program can completely eliminate the risk of malware attacks, but through Varay’s 24/7 monitoring, we can see and address threats in real-time.
Identifying the issues and weak points in your security is the best way to deal with ransomware. Your MSP should proactively work to make sure your tech is up to date, and your business is protected. Preventing ransomware in the first place is easier than ransomware removal.
So someone opened an attachment they shouldn’t have...and now your business is in a ransomware situation. What do you do now?
There’s no guarantee the criminals will give back your data even if you pay them what they ask, or that they haven’t already sold it on the dark web. Paying ransoms can embolden criminals to continue extorting other businesses because they know they can get away with it. In fact, 4 out of 5 businesses who paid ransoms later experienced another attack — so if you find yourself in a ransomware situation, do what you can to take control of the situation.
Depending on the type of ransomware, there are a few steps that you can take to regain control:
- Disconnect the affected devices from the network
- Reboot your computer in safe mode
- Contact your IT service provider
- Reset passwords
- Run your antivirus software
- Make sure your backup data is free from the malware and reset
While there are ways to remove ransomware from your computer, ransomware removal won’t decrypt your files if your data is encrypted. The steps above only keep the malware from accessing more information — they won’t necessarily restore your data. There are free decryption programs, but only the attacker holds the specific decryption key. By haphazardly running a decryptor, you might scramble your data even more.
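The last step in the list above, checking that backup data is clean before restoring it, can be partly automated. The Python example below is added here for illustration and is not Varay's tooling: it compares a backup folder against SHA-256 hashes recorded when the backup was made and flags changed files whose contents look encrypted. The manifest format, the 7.5 bits-per-byte threshold, and all file names are assumptions, and the sample data is constructed.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5  # bits/byte; assumed cut-off, encrypted data sits near 8.0

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def entropy(data):  # Shannon entropy of a byte string, in bits per byte
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def check_backup(root, manifest):
    """Return {relative path: reason} for files that must not be restored as-is."""
    findings, seen = {}, set()
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            if rel not in manifest:
                findings[rel] = "not in manifest"      # e.g. a dropped ransom note
            elif sha256_file(full) != manifest[rel]:
                with open(full, "rb") as f:
                    scrambled = entropy(f.read(65536)) > ENTROPY_LIMIT
                findings[rel] = "changed, looks encrypted" if scrambled else "changed"
    for rel in manifest.keys() - seen:
        findings[rel] = "missing"
    return findings

def demo():
    """Constructed data: two clean files, then one is overwritten with random bytes."""
    files = {"invoices.csv": b"id,amount\n1,100\n" * 200,
             "notes.txt": b"call the supplier\n" * 50}
    with tempfile.TemporaryDirectory() as root:
        for name, body in files.items():
            Path(root, name).write_bytes(body)
        manifest = {n: hashlib.sha256(b).hexdigest() for n, b in files.items()}
        Path(root, "invoices.csv").write_bytes(os.urandom(4096))  # stand-in for encrypted content
        Path(root, "HOW_TO_RESTORE.txt").write_bytes(b"constructed placeholder note")
        return check_backup(root, manifest)

if __name__ == "__main__":
    print(demo())
```

An empty result means every file still matches what was recorded at backup time. The manifest itself has to be stored somewhere the malware cannot reach, or the comparison proves nothing.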
If you find yourself in a ransomware situation, we’ll see what data can be recovered. But good employee habits and training, vigilant data backup, and your MSP’s watchful eye can make sure it never happens again.
If this information has opened your eyes to the threat of ransomware and you’d like to see how Varay can help keep your business’s data safe, contact us for a free consultation!