Ransomware: To Pay Or Not To Pay

Posted by msmessenger on Jun 6, 2016 12:00:00 AM

Until recently, most of us had only heard the term “Ransomware” in passing and had little or no first-hand experience with it. Today it is menacing individuals, businesses of every size, school districts, and entire governments; and, according to the FBI, ransoms collected by its various strains are on pace to top $1 billion a year.

According to a recent article by CNNMoney, the FBI has stated that the use of Ransomware has reached an all-time high. In the first three months of 2016 alone, cybercriminals collected $209 million by extorting businesses and institutions to unlock their encrypted servers. At that rate, Ransomware will be a $1 billion-a-year criminal industry in 2016, and total losses are higher still once downtime and recovery costs are factored in.

Criminals aren’t only targeting large, wealthy multinational corporations; local organizations such as schools and hospitals are falling victim as well. CNNMoney reported on Ransomware being used against a school district in South Carolina: the Horry County School District ultimately agreed to pay $10,000 to get its data released, calling the payment a “business decision” that got its systems back online (excerpt from pymnts.com https://bit.ly/1SaF5pZ).

It’s no longer a matter of if, but when, you’ll be infected. As bad as an infection will likely be, there are procedures and safety measures you can put in place now that will head off the worst-case scenario and limit downtime while you recover.

What Is Ransomware?

First things first: what exactly is Ransomware? Well-known families include CryptoLocker, CryptoWall and, more recently, TeslaCrypt. It is a relatively new type of malware that took the Internet by storm in 2013. It encrypts, or otherwise blocks access to, the files on the infected computer and demands a ransom within a short deadline; miss it and the files are gone for good, because the key needed to decrypt them is held only by the attacker. When it first appeared, no one knew whether the criminals would make good on their threats. It didn’t take long for the first round of victims to learn the hard way and, by spreading the word on social media, inadvertently confirm that Ransomware works as a profit center.

Those victims tried desperately to remove it, but nothing worked. Some stripped the added extensions from their files hoping to open them again, to no avail: renaming does nothing, because the contents themselves are encrypted. Some ran virus scans, which at best removed the malware after the damage was already done. Some reflashed the BIOS or installed new hard drives, which likewise left the encrypted data unrecoverable. Traditional malware installs trojans or keyloggers that lie in wait to intercept passwords and other sensitive information for later use. Ransomware is far less complicated and much more elegant: in many cases it needs nothing more than our collective impatience and a lapse in common sense.

Once infected, victims generally have one of three choices: pay the ransom and hope that the captors of your files will, in an ironic twist, do the honorable thing and release them; hope that your anti-virus vendor has developed a way to clean your computer; or scrap the computer and start over. For those with little computer knowledge or no backup plan in place, option one is the path of least resistance, but it offers no guarantee that your files will come back as they were or that your system will be free of latent malware that could reinfect you later. Option two offers no comfort to a business that must be up and running ASAP. That leaves option three, which is the most secure way to recover, but it is sure to cost several hours of several people’s time and depends on backups having been made before the infection.

How Ransomware Infects Systems

Those behind these infections seem to prefer carefully crafted email messages made to look legitimate, urgent, and of trustworthy or unquestionable origin. They count on our online impatience to momentarily switch off the instincts that, in any other setting, would warn us that something isn’t right. So much information about each of us and our businesses is available that it is easy to personalize the delivery vehicle, slip the virus in under the radar, and catch even the most cautious of us. The email may appear to come from a family member, your bank, a local court or someone in the legal profession, and lately the IRS. It usually carries an attachment (often a document with a malicious macro, or a script or executable disguised as a document) that installs the malware when opened; from there it’s game over. That said, all is not lost if you take the necessary precautions beforehand.
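As an added example (not code from the original article), here is a Python screener for the delivery vector just described: it parses a raw email, walks its attachments, and flags executables and scripts, double extensions such as invoice.pdf.exe, and Office documents that carry a VBA macro project. The extension sets and the three constructed attachments in sample_message() are illustrative assumptions, not a complete mail-gateway policy.

```python
"""Screen a raw email for the attachment types ransomware droppers arrive in.

Added example, not the article's code. The extension sets and the three
constructed attachments in sample_message() are illustrative assumptions."""
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly or through a script host (assumption:
# a starting list, not a complete policy).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "ps1", "msi", "jar"}
# Extensions a recipient expects to be harmless; used to spot disguises.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def screen_attachment(filename: str, payload: bytes) -> list:
    """Return human-readable reasons this attachment should be held or
    blocked; an empty list means nothing suspicious was found."""
    reasons = []
    exts = filename.lower().split(".")[1:]
    if exts and exts[-1] in EXECUTABLE_EXTS:
        reasons.append(f"executable or script attachment (.{exts[-1]})")
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS and exts[-1] not in DOCUMENT_EXTS:
        reasons.append(f"double extension: looks like .{exts[-2]}, is really .{exts[-1]}")
    if payload[:2] == b"PK":  # zip container: OOXML documents and archives
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return reasons + ["zip signature but the container does not parse"]
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            reasons.append("Office document contains a VBA macro project")
        inner = [n for n in names if n.rsplit(".", 1)[-1].lower() in EXECUTABLE_EXTS]
        if inner:
            reasons.append(f"archive contains executables: {inner}")
    return reasons


def screen_message(raw: bytes) -> dict:
    """Map each attachment filename in a raw RFC 5322 message to its reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        findings[name] = screen_attachment(name, part.get_payload(decode=True) or b"")
    return findings


def _macro_document() -> bytes:
    """Constructed minimal OOXML container holding a VBA project (not real Word)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 stub")
    return buf.getvalue()


def sample_message() -> bytes:
    """Constructed phishing lure of the kind the article describes."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "manager@example.invalid"
    msg["Subject"] = "URGENT: unpaid invoice, account suspended in 24h"
    msg.set_content("Please open the attached invoice immediately.")
    msg.add_attachment(b"MZ\x90\x00 stub", maintype="application",
                       subtype="octet-stream", filename="Invoice_2016-06.pdf.exe")
    msg.add_attachment(_macro_document(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="Unit_Rental_Agreement.docm")
    msg.add_attachment(b"%PDF-1.4 stub", maintype="application",
                       subtype="pdf", filename="statement.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in screen_message(sample_message()).items():
        print(name, "->", reasons or "clean")
```

The check looks inside the container rather than trusting the filename or the declared MIME type, since both are chosen by the sender; in practice a gateway would quarantine anything with a non-empty reasons list and let the recipient request release.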

Ransomware Protection

Aside from hoping your anti-virus vendor will protect you, the one foolproof safeguard is to back up everything, all the time, both locally and to a cloud-based service such as Carbonite. A backup does not stop the infection, but it takes away the criminals’ leverage. The creators of Ransomware know that people are lazy and unwilling to back up their files and data properly; they exploit this and expect you to pay because, without a copy of your files somewhere else, you have no choice.

Services such as Carbonite have specialized teams that can assist you when you fall prey to a virus of this nature. I know from recent experience at one of my family’s self-storage facilities. They were able to find the last clean backup and isolate it from the corrupt files, helping facilitate a transfer once I’d rebuilt a computer, but I still had to junk the infected computer and start over. Think of it this way: If you have a clean backup of your files to an air-gapped external hard drive or cloud-based server, you remove their ability to hold you ransom. So what are the steps to avoid or prevent Ransomware?

  1. Install a top-tier anti-virus or cybersecurity program.
  2. Most anti-virus programs now come with anti-ransomware capabilities for extra protection. Be aware that some of these may interfere with legitimate programs, but they offer the ability to whitelist the safe programs you need on a daily basis.
  3. Get to know your computer environment.
  4. Make a list of all the software needed to run your business and keep all install media in a safe place. Nowadays, many of the programs we use are web-based; others are not, and many only work in conjunction with other programs. I learned this the hard way. For example, I built a new computer and put the latest, greatest Microsoft Office on it. Then I found out that my facility’s gate access software wasn’t compatible and required Microsoft Office 2007, so I had to buy an old copy just for that program.
  5. Record and file all software license keys in a safe place. We’ve all been stung by this when rebuilding a computer: you install Office only to realize you don’t have your license key.
  6. Create and follow a comprehensive backup policy.
    1. Install a top-tier cloud-based backup program such as Carbonite or Mozy-pro and make sure that every file and database used by your facility operations software is scheduled for backup. For extra security, look for a service that uses strong encryption and multi-factor authentication.
    2. Set a regular day to perform manual backups and stick to it. This adds a step or two, but it’s an important habit to form.
    3. Once a manual backup to a USB drive or external hard drive is complete, physically disconnect it from the computer and network until the next backup. Ransomware encrypts every drive it can reach, including attached USB drives and mapped network shares, so a backup that stays connected is not a backup.
    4. Record and file the passwords for every program, because they will be the first thing you want to change once you are up and running again. A password manager (or a browser such as Google Chrome that encrypts and syncs saved passwords) will usually suffice, but it’s never a bad idea to keep a copy on hand.
  7. Educate yourself and your employees on proper cyber safety.
    1. Nothing is fail-safe, and even with every precaution in place, the best defense is a healthy dose of skepticism. Don’t open suspiciously worded emails, emails with a heightened sense of urgency, or emails from “banks” or financial institutions that don’t regularly communicate with you or your business by email.
    2. Never give out sensitive personal or business information over the phone; this includes passwords, social security numbers, bank account numbers, and so on. Banks don’t typically call you and ask you to authenticate your account information over the phone. You’d be amazed at how creative these perpetrators can be and how skilled they are at extracting information they can later use to deliver their virus.
    3. Bottom line: use common sense. If you don’t know the sender or something just doesn’t seem right, don’t open the email! Don’t let curiosity overshadow natural skepticism; erring on the side of caution is always the best bet.
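The backup policy in item 6, together with the “find the last clean backup” step described earlier in the recovery story, as one added Python example (not the article’s or Carbonite’s code): it snapshots a folder into dated backup sets with a sha256sum-compatible manifest, verifies a snapshot against its manifest, and picks the newest snapshot that shows no sign of ransomware. The ransom-extension list, the 50% churn threshold, and the constructed invoice files in demo() are assumptions made for the example.

```python
"""Dated backup sets with a SHA-256 manifest, integrity verification, and
selection of the last backup that shows no sign of ransomware.

Added example, not the article's code. The extension list, the 50 %
churn threshold and the sample files in demo() are assumptions."""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.sha256"
# Extensions appended by the families the article names, plus generic ones.
# Illustrative, not exhaustive (assumption of this example).
RANSOM_EXTENSIONS = {".ecc", ".ezz", ".exx", ".vvv", ".ccc", ".micro",
                     ".ttt", ".locked", ".encrypted"}


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and p.name != MANIFEST_NAME}


def snapshot(src: Path, backup_root: Path, label: str) -> Path:
    """Copy src to backup_root/label and write a sha256sum-style manifest."""
    dest = backup_root / label
    shutil.copytree(src, dest)
    lines = [f"{d}  {rel}" for rel, d in build_manifest(dest).items()]
    (dest / MANIFEST_NAME).write_text("\n".join(lines) + "\n")
    return dest


def read_manifest(snap: Path) -> dict:
    manifest = {}
    for line in (snap / MANIFEST_NAME).read_text().splitlines():
        if line.strip():
            digest, rel = line.split("  ", 1)
            manifest[rel] = digest
    return manifest


def verify(snap: Path) -> list:
    """Files whose content no longer matches the manifest, or that are
    missing. An empty list means the snapshot is intact."""
    actual = build_manifest(snap)
    return sorted(rel for rel, d in read_manifest(snap).items()
                  if actual.get(rel) != d)


def looks_ransomed(clean: dict, candidate: dict, threshold: float = 0.5) -> bool:
    """Heuristic: ransomware-style extensions present, or most of the files
    known from the last clean manifest changed content or disappeared."""
    if any(Path(rel).suffix.lower() in RANSOM_EXTENSIONS for rel in candidate):
        return True
    if not clean:
        return False
    churned = sum(1 for rel, d in clean.items() if candidate.get(rel) != d)
    return churned / len(clean) >= threshold


def last_clean_snapshot(backup_root: Path):
    """Walk snapshots oldest to newest. Each is judged against the newest
    snapshot already accepted as clean, not its immediate predecessor, so
    an infected set is skipped and a rebuild from good data is accepted."""
    clean_dir, clean_manifest = None, {}
    for snap in sorted(p for p in backup_root.iterdir() if p.is_dir()):
        if not (snap / MANIFEST_NAME).is_file() or verify(snap):
            continue  # no manifest, bit rot or tampering: do not trust it
        manifest = read_manifest(snap)
        if not looks_ransomed(clean_manifest, manifest):
            clean_dir, clean_manifest = snap, manifest
    return clean_dir


def demo() -> str:
    """Constructed scenario: two good backups, then one taken after an
    infection rewrote and renamed nine of ten files. Returns the label of
    the snapshot a restore should start from."""
    work = Path(tempfile.mkdtemp())
    live, backups = work / "live", work / "backups"
    live.mkdir()
    backups.mkdir()
    for i in range(10):
        (live / f"invoice{i}.txt").write_text(f"tenant {i} paid for unit {i}\n")
    snapshot(live, backups, "2016-06-01")
    (live / "invoice3.txt").write_text("tenant 3 paid for unit 3, late fee\n")
    snapshot(live, backups, "2016-06-02")
    for i in range(9):  # simulate TeslaCrypt-style damage
        p = live / f"invoice{i}.txt"
        p.with_name(p.name + ".ecc").write_bytes(os.urandom(64))
        p.unlink()
    snapshot(live, backups, "2016-06-03")
    chosen = last_clean_snapshot(backups)
    shutil.rmtree(work)
    return chosen.name if chosen else ""


if __name__ == "__main__":
    print(demo())  # 2016-06-02
```

Because the manifest uses the two-space sha256sum format, `sha256sum -c MANIFEST.sha256` run inside a snapshot directory gives the same verification from the shell. Run that verification on the backup drive before restoring from it, and keep the drive disconnected between backups, since a snapshot the malware can reach will simply be encrypted along with everything else.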

James Appleton is the advertising sales executive for MiniCo Publishing. He also sits on the board of directors of the Arizona Self Storage Association as its Technology & Communications Chair, assists in the management of his family’s self-storage portfolio, and develops websites and performs ongoing SEO consulting through his web design company, Barking Tuna Web Design.