Discussions about ransomware are nothing new inside or outside of the IT bubble that small businesses sometimes collide with. We’ve all been hearing about it for five years or so. But it’s important not to let the idea of an IT disaster, or the process of recovering from one (cue the buzzword: disaster recovery), become just more noise in your daily cycle of news headlines.
The point of this advice can become clear very quickly to business owners and many-hat-wearing IT directors who haven’t yet had a ransomware incident. Of course, it’s all the more sinister and obvious to those who have.
Getting ahead of malware trends is pretty challenging, but nailing the basics and getting comfortable with what to do and what not to do: that’s, well, doable.
Cisco defines ransomware as malicious software that locks up the information on an individual’s or an organization’s computer—documents, photos, music, anything, really—and will not release these files until the user pays a fee—a ransom, hence the name—to unlock them and get them back.
Ransomware does this in a very sneaky way, using something called a payload. In computing terms, the “payload” is the part of the malicious software that does the evil-doing on your network. In the case of ransomware, the “payload” performs the locking of your documents. It’s usually hidden inside of another file or some other action (like a link to website content containing an Adobe Flash element).
You’re naturally asking yourself: how does the payload get onto your network in the first place? Let’s run through a scenario.
Transmission can be as simple as clicking a malicious link in an email from a vendor or a colleague who, in turn, perhaps thanks to a weak password, had their account details compromised in a large-scale hack like Yahoo’s in 2013. [Have a Yahoo account? Safely run your details through haveibeenpwned.com if this doesn’t ring a bell. You may have another problem on your hands.]
Once the payload has been delivered, a script begins to run on your network, locking everything from financial spreadsheets to legal documents. Any mapped drive is likely going to be affected. Even unmapped drives—the areas on your network someone vaguely technical might assume to be safe—can, in the case of the famous malware script “Locky” (see here if you’re curious), be mounted and promptly infected and locked. And when we say “locked” in this scenario, we mean 100% inaccessible, Fort Knox locked down.
At this point, and then we’ll end the scary story, you’re at a crossroads. There are usually only two options:
- Pay the ransom and hopefully receive access to your files again. Does it work? Sometimes. But you’re essentially negotiating with cyber terrorists at this point. There are no guarantees and they have the upper hand.
- Roll everything back. Are you really capable of rolling your business’s entire network, including every machine connected to it, back to before the infection? Can your business afford the downtime? Were your backups affected? What about connected devices like smartphones?
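The two questions above that matter most to a small business are “which files on the share got locked?” and “were the backups affected too?” The following script is an added example for illustration, not code from the original post or from ACE; it walks a directory tree (a mapped share, or a restored backup set) and flags files that look encrypted, using two indicators: a file extension appended by a known family (the `.locky` suffix of the Locky family mentioned above is the only entry assumed here) and, for common document formats, a mismatch between the extension and the leading bytes a real file of that type must have. For formats with no known header it falls back to a byte-entropy test. The extension list, header table, entropy threshold and sample files are all assumptions constructed for this example.

```python
"""Triage scanner for ransomware-encrypted files (added example, not the post's own code)."""
import math
import os
import tempfile
from collections import Counter

# Assumptions for illustration: extension appended by the Locky family named in the post,
# and expected leading bytes ("magic") for a few common document formats. Office files
# such as .xlsx and .docx are zip containers and must start with "PK\x03\x04".
SUSPECT_EXTENSIONS = {".locky"}
EXPECTED_MAGIC = {
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".pptx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04", ".pdf": b"%PDF", ".png": b"\x89PNG",
}
ENTROPY_THRESHOLD = 7.5   # bits per byte; assumption, tune against your own clean data
SAMPLE_BYTES = 65536      # only the first chunk of each file is read


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum (uniformly random bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: str) -> dict:
    """Return a verdict for one file with the reasons it was (or was not) flagged."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    ext = os.path.splitext(path)[1].lower()
    reasons = []
    if ext in SUSPECT_EXTENSIONS:
        reasons.append("ransomware extension " + ext)
    magic = EXPECTED_MAGIC.get(ext)
    if magic is not None and not head.startswith(magic):
        # The name still says spreadsheet, but the container header is gone.
        reasons.append("header does not match " + ext)
    elif magic is None and not reasons and len(head) >= 1024:
        # Already-compressed formats have high entropy by design, so the entropy
        # test is only used where no header check is available.
        ent = shannon_entropy(head)
        if ent >= ENTROPY_THRESHOLD:
            reasons.append(f"entropy {ent:.2f} bits/byte")
    return {"path": path, "suspect": bool(reasons), "reasons": reasons}


def scan_tree(root: str) -> dict:
    """Walk a share or backup set and return counts plus the files that look encrypted."""
    results = [classify_file(os.path.join(d, f))
               for d, _, files in os.walk(root) for f in sorted(files)]
    suspects = [r for r in results if r["suspect"]]
    return {"scanned": len(results), "suspect": len(suspects), "files": suspects}


def build_sample_tree(root: str = None) -> str:
    """Constructed sample data: two intact files and two that look encrypted."""
    root = root or tempfile.mkdtemp(prefix="ransom-demo-")
    os.makedirs(root, exist_ok=True)
    samples = {
        "budget.xlsx": b"PK\x03\x04" + b"\x00" * 2048,                 # intact zip header
        "notes.txt": b"Quarterly notes for the board meeting.\n" * 60,  # plain text, low entropy
        "contract.pdf.locky": os.urandom(4096),                        # renamed and encrypted
        "payroll.xlsx": os.urandom(4096),                              # same name, header gone
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    report = scan_tree(target)
    print(f"{report['suspect']} of {report['scanned']} files look encrypted")
    for r in report["files"]:
        print(" ", r["path"], "->", "; ".join(r["reasons"]))
```

Run it with no arguments to scan the constructed sample set, or pass the root of a restored backup to answer the “were your backups affected?” question before you rely on that backup. The header check is deliberately preferred over entropy where possible: modern Office documents, PDFs and images are compressed, so an entropy-only scanner would flag healthy files and bury the real hits.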
The realization here is a little like what your primary care physician might say if you were to ask about avoiding the flu or a particularly infectious virus.
Your best plan of action is preparedness. Prevention of this scenario is possible. And it usually starts with making sure that your network is properly managed, patched, secured and most of all: trusted.
It’s really not a scenario worth risking. The disaster recovery industry is a huge part of the IT sales talk track these days, but the truth is that recovery is always going to be a gamble.
Recovery options come down to whether you have a backup to restore from or not. After that it’s a fight against a skilled hacker in what’s quickly becoming a billion-dollar industry, or a complicated (and expensive) case of forensic data recovery.
Disaster prevention is what we like to preach. Put yourself in a position to feel like you’ve gone above the noise. Feeling healthy and fit, staying clean and away from germs—it feels good for your body. It really feels good for your network too.
— Jim Meder, Chief Information Officer, ACE