It used to be that a virus on a PC was just an annoyance – maybe too many unsolicited pop-ups cluttering the screen, or a general decrease in performance. Today, however, cyber criminals have taken advantage of the business world’s dependence on technology and electronic documents, and have begun attacking domains with a new breed of intrusion: ransomware. Like other malware, ransomware is software that a user unintentionally installs on their computer or network, and that then works behind the scenes to corrupt the system or network. What makes ransomware different from the rest, however, is the criminal’s ultimate goal: monetary gain.
How does it get on my PC or network?
The method of infection for most viruses, but especially ransomware, is email. With the more common (and effective) strains of ransomware, the victim will receive a legitimate-looking email from an address that appears to come from within the company. This email will have some sort of attachment, generally a file that looks to be a PDF or some other commonly viewed and opened file type. In fact, the file is just masquerading as such, and is actually an executable (.exe) file that proceeds to infect and corrupt at the deepest system levels.
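A mail filter can catch this disguise by comparing an attachment's name with its first bytes. The following is an added example, not code from the original article; the extension lists, the `inspect_attachment` name and the sample attachments are assumptions constructed for illustration.

```python
import os

# Extensions Windows runs directly (short illustrative list, an assumption).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document types a lure imitates, with the leading bytes a genuine file has.
DOCUMENT_MAGIC = {".pdf": b"%PDF-", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
PE_MAGIC = b"MZ"  # header that begins every Windows .exe


def inspect_attachment(filename, data):
    """Return the reasons to quarantine an attachment (empty list if none)."""
    findings = []
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    name = filename.strip().rstrip(". ").lower()
    stem, ext = os.path.splitext(name)
    # Padding such as "invoice.pdf      .exe" pushes ".exe" out of view.
    inner_ext = os.path.splitext(stem.rstrip(". "))[1]

    if ext in EXECUTABLE_EXTS:
        findings.append("executable extension " + ext)
        if inner_ext in DOCUMENT_MAGIC:
            findings.append("double extension imitating " + inner_ext)
    if data.startswith(PE_MAGIC):
        findings.append("content is a Windows executable (MZ header)")
    expected = DOCUMENT_MAGIC.get(ext)
    if expected and not data.startswith(expected):
        findings.append("content does not match " + ext)
    return findings


# Constructed sample attachments: (file name, first bytes of the file).
SAMPLES = [
    ("Invoice_0412.pdf.exe", b"MZ\x90\x00\x03\x00"),
    ("Scan.pdf          .exe", b"MZ\x90\x00\x03\x00"),
    ("statement.pdf", b"MZ\x90\x00\x03\x00"),
    ("report.pdf", b"%PDF-1.4\n"),
]

if __name__ == "__main__":
    for fname, head in SAMPLES:
        print(repr(fname), "->", inspect_attachment(fname, head) or "no findings")
```

The check reads only the file name and header bytes, so an empty result means the attachment is not disguised in this particular way, not that it is safe.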
How does it work?
The most common ransomware out there today is CryptoWall, a variation of CryptoLocker. CryptoWall came onto the scene in April 2014, CryptoLocker in late 2013. Both function similarly, encrypting any data file they are able to access with powerful encryption that has yet to be broken. In any place the virus reaches, it will leave alongside your newly encrypted files an ominous file called “DECRYPT_INSTRUCTIONS.” In this file, the victim is informed of the state of their data files, and is told to follow a link to a website for further information on how to decrypt their files. At the website (a unique address for each victim), a ransom, usually $500, is demanded in the form of Bitcoins – a decentralized, untraceable internet currency. Upon payment, the cyber criminals state they will deliver a decryption application to decrypt one’s data files and make them usable again. Unfortunately, most victims have just three options: 1) struggle to find a decryption solution that does not involve paying the ransom; 2) pay the ransom and hope to get a valid decryption application in return; or 3) give up and lose the files. For most businesses, the amount of data that would be lost is simply unacceptable, so option 3 is out; and regrettably, option 1 is ineffective as the encryption has yet to be broken. So what’s left? Having to pay.
How do I avoid it?
There is, of course, an alternative to the entire situation, and that’s to proactively avoid it altogether. By maintaining comprehensive anti-virus coverage on every device on your network, you can be comforted by knowing that any attempt at intrusion will be flagged and prevented. It’s also necessary to make sure you and your employees are well-educated on how these threats enter the network, so that seemingly innocuous emails can be recognized for what they are. Finally, a thorough and active backup solution will ensure that even if an infection makes it onto a computer on your network – or worse yet, onto a server – restoration of the data files you depend on for business continuity is readily available. Contact us to learn more about virus prevention, backup recovery solutions, and the steps your business can take to be secure.