Please take the time to read below regarding a recent ransomware outbreak. We have seen an increase in the amount of Ransomware infections lately, and also the complexity of the infections themselves.
What is Ransomware?
Ransomware is malware that encrypts all your data, and then holds it hostage (you need to pay to get it back). In most cases there are NO WAY of getting your data back other than restoring it from previous backups. Paying the ransom in no way guarantees that you get your data back.
How do Ransomware infections occur?
Currently ransomware spreads mostly via email. It might be an email with a legitimate looking pdf document attached, or a word document with a malicious macro.
There has also been cases of bogus “Microsoft technicians” calling saying that they have detected errors on your computer. They may sound very legitimate and use remote access software (with your help) to connect to the computer where they then install the malware / virus.
Once this computer is infected, it will encrypt its own hard drive, as well as any network documents it can get hold of (for example server shares and pastel data). The latest versions even spread over the network to infect the other computers themselves, and will even encrypt backup drives attached to computers and servers.
What is the chances of getting it?
To date we have had multiple desktops and some servers being encrypted either partially or fully. More and more people are being affected and hence why we wanted to share information which could help you.
How do you stop it from affecting you?
There is no single solution that will completely prevent ransomware infections (or malware as a whole). A multi layered approach will serve you best, however having backups of your data is the most important of them all. Some or all of the below measures can be used to protect your data.
1. Windows patching (updates): making sure your system is up to date will help preventing attacks by closing security holes in your operating system.
2. Antivirus: Having an effective antivirus will help prevent virus infections. Installing a ransomware vaccine will add an additional layer of protection: https://www.dropbox.com/s/onvw5lo69stcqdl/BDAntiRansomwareSetup.exe?dl=0
3. Spam filtering: a cloud based spam filtering solution (such as SpamTitan) will help to block spam emails (used to distribute malware) and virus infected emails.Educating users not to open attachments from unknown senders (even if it is word or pdf documents). We have this product available if you are interested.
4. Disable macros in office packages
5. Make sure you have backups that are off site (such as cloud backups), or at least disconnected from your data. (rotating harddrives) Store documents on cloud based file storage such as Dropbox, google drive or onedrive.
Most of the above measures can be implemented at a low price point. Others may be more costly and more suitable for bigger networks (such as firewall appliances and software restriction policies)
Additional measures for business networks:
1. A firewall gateway appliance with gateway antivirus, Content filtering and Intrusion Detection services (Such as the Dell Sonicwall)
2. Using Office 2016 (has measures to protect from malicious macros)
3. Separate your guest wifi network from the internal network.
4. Stringent Software restriction policies can be implemented on domain based networks.
5. Use cloud based email service providers (such as Office 365 or Google Apps). That way your emails are on your local computer and on the mail server, so if your data file gets encrypted your mails are still safe on the provider side.
How will I know if I am infected, and what should I do?
Depending on how far your computer is encrypted, you may find that you cannot open some documents or pictures, and that the names might have changed to include a message saying that your data has been encrypted. Depending on the version of ransomware you have you may also get a message similar to this one:
If you suspect that you might be a victim, switch off your computer immediately. If you are on a network shutdown your server immediately as well and call us. The longer you wait the more data will be lost.
We do have tools that can help you to either prevent Ransomware or assist you with data recovery should you get the attached.
- SPAM Filter - IT Guys has a leading cloud based SPAM filter that scans your e-mails before they arrive in your inbox. We have noticed on several of our clients domains that the SPAM filter has successfully blocked the Ransomware Viruses.
- Cloud Backup - Our Cloud Backup solution keeps a history of your precious data, so should you have an attack and your data is encrypted, we will be able to recover to a previous date.
Please contact us for more information on these 2 basic but powerful products to help protect your data.