I feel confident in this statement: If you haven’t awoken to the big red screen informing you all your files have been encrypted, you know someone who has. Ransomware is a real and quickly propagating threat. Normally distributed through phishing emails and file-sharing networks, these attacks are becoming more frequent and more sophisticated. Once your system has been compromised, it is increasingly likely that your data will never be recovered. When ransomware was first released in the wild in 2013, there did seem to be some honor among thieves: they’d sell you the decryption key for a very hefty sum. These days, with Ransomware-as-a-Service programs (yes, that is a real thing) and attackers who have no interest in your data, only your money, many of these attacks do not even bother to encrypt the files. They are simply deleted. Pay up, get nothing. Your data is gone. Forever.
A 2016 ransomware survey gives nothing but bad news.
According to a recent survey by Radware, 49% of businesses have been the victims or potential victims of a ransomware attack. Unpatched systems, unsecured networks and improper domain policies all contribute to this major threat. The many interconnected devices roaming around on your network all provide an opening for one of these attacks to impact your business. Mobile phones, NAS devices and even Internet-connected TVs can provide an avenue for entrance. I cannot stress enough the importance of proper user education, maintenance routines, security protocols and access policies to help guard against a ransomware attack on your business. In just the first few weeks of the new year, I see headlines of new attacks spreading every day: Sage, Spora, Cerber and Locky. All new (or new, proven variants of old malware), all spreading like wildfire.
It can happen to anyone.
Recently I took on a new client. They called having a particular need and also wanting to find a new provider. It was a small office, fewer than 15 users and not in a particularly coveted business sector. Over a few weeks I addressed a few outstanding issues, but we’d not made time to really go over the systems and policies they had in place. They had a server which had been maintained by another company up until a pretty recent date, and a firewall. Great. All items to be looked at soon, but not an immediate threat. Well, not a threat until the day they called unable to access the shared calendar. On-site, I quickly discovered their server had been hacked, either through an unpatched issue on the network or, more likely, the firewall that probably hadn’t had a firmware update on it for quite some time. There, staring me in the face, was the note I’d come to dread more than once: Your data has been encrypted. Go here. Pay this exorbitant amount. Get your key. The client hoped, scrambled, and searched for some kind of answer that would get them their data back. I, of course, advised against paying, but I’m sure they thought about it briefly. I showed them several sources that backed up what I told them: it was highly unlikely they’d get that data back anyway. There is no feeling like having to tell a client all their data is gone. There is a happy-ish ending: we did manage to get them functioning again. They have a brand new firewall and better processes in place that meet their needs and protect their data. But those things came at a price. A proactive security and maintenance policy costs money too, but for about the same amount it gives you a much better chance of having your data on the other side.
Don’t let them hold your data hostage.
In past years, many of these attacks were used as a way to implement identity theft, encrypt your data, and then bilk you out of a couple thousand dollars. They held your data hostage and you cared about getting it back. Today you aren’t likely to even get that lucky. Budgeting for things like this is expensive and it’s not fun, but if you want to be confident your systems and your data are there for you when you need them, it simply must be done!