24 Jun

Security Alert: Ransomware


I’m writing this because I want you to be aware of a growing malware trend: ransomware.

This email includes an overview of the problem, advice on preparing your customers and your own business for ransomware outbreaks, and links to a number of helpful resources.

WHAT IS RANSOMWARE?

Ransomware is a type of malware that blocks access to a computer system until a sum of money is paid. Many businesses are currently being targeted by “crypto-ransomware”, which actually encrypts the files on a PC. The attackers will only provide a decryption key if the victim pays them.

HOW SERIOUS IS THE THREAT?

Very serious. There are new headlines every day about ransomware attacking hospitals, cities, police departments, and businesses of all sizes.

The potential loss, however, is more than the cost of the ransom payment. The real damage comes from user downtime: when ransomware hits you, your files may be locked and inaccessible for days, unless there are business continuity plans in place (more on that below).

Even if the ransom is paid, you’re strongly advised to wipe infected computers. This means the infected business will likely suffer downtime no matter how you respond to the criminals’ demands.

HOW DO PCs GET INFECTED?

Ransomware infections happen primarily through phishing emails. A user receives a seemingly innocent email and opens the attachment or clicks a link to download malware.

For SBO Exchange email or SpamToxin customers, inbound email is scanned and filtered for all known malware, including all known ransomware variants, based on industry-leading virus signature databases. Unfortunately, there are entire criminal industries dedicated to developing new variants that are unknown to filters.

This is why it’s critically important to take the prevention steps listed below.

HOW TO PROTECT YOUR BUSINESS

I’m encouraging all SBO customers to take the following steps:

  • Make sure you have file backups. If you don’t have file backup in place, deploy a service solution immediately. I recommend Dropbox for Business as both a recovery solution and a business continuity solution, but any service can provide an alternative path to file restoration other than paying ransom.
  • Educate users about phishing. Good tips for helping your users recognize suspicious emails are contained in this Phishing Prevention resource.
  • Build a containment plan. Ransomware has been known to propagate from one user to another. Make sure that you have a good solution in place that keeps multiple versions of your files, so you can roll back to an older copy if the present one is infected. Again, one great solution is Dropbox for Business.