At First Line IT we have seen an increasing number of ransomware attacks on our clients over the past 18 months. Each attack was devastating to the individual company involved at the time, although in all but one case we were able to recover all the data without paying the ransom.
Ransomware has been around for a while, but the criminals are getting cleverer: some are attacking backups in addition to the main systems, and some are hacking networks and online backups to put ransomware in place, rather than relying on people unthinkingly clicking on email attachments or website links.
The ransom demands have also escalated. Typically hackers are now demanding around £10k to £15k for the return of your data. And, of course, if you are going to pay, it will be in bitcoins over the dark net. Will you actually get your data back? Who knows?
Ransomware is a piece of code that gets into your network and encrypts your data so that you cannot read or use it. One way to return it to its normal state is to pay for a decryption code; the criminals behind the attack usually leave a message letting you know how to contact them. You may also be able to recover your data from backups if these have not been attacked as well.
Many ransomware attacks result from email campaigns or website links in which the malware is distributed as an attachment or as a clickable link. However, cyber-criminals are now progressing to inserting ransomware into business networks through direct hacks that take advantage of weak passwords.
Not necessarily. If your backup is on a device permanently connected to your network and hackers break directly into your network, they are likely to look for that device and corrupt it too. Also, once into a machine or server on your network they can access your cloud storage such as Dropbox.
A few years ago it was good practice to run your network from a local server and regularly back up to a network storage device. This still works as long as you unplug the storage device, but if it remains connected to the network you are vulnerable. If they corrupt your cloud storage there is usually a recovery route, but this can be slow and the disruption and stress are still best avoided.
Networks that still use a local server or storage device to share data are most at risk. If you use Office 365 or Dropbox, the vulnerable parts of the network are individual machines, and through these attackers can reach your cloud storage. If you do have data on a laptop or workstation, also make sure it is not the only copy in the business.
If you are still using Small Business Server with both data and email you are very vulnerable indeed because both systems could be lost in a ransomware attack. If you have a hosted email solution, for example, at least your email cannot be encrypted.
The single most effective way to protect your data is to store your backups so that they are not visible on your network. Either back up online to a remote hosting system or use two backup devices and swap them over every day. In addition, we would recommend that you keep your emails and accounts data on separate systems: if you do that, there is a good chance you would only lose data – which would be painful but not disastrous.
You may be getting bored with this, but the importance of unique, un-guessable passwords cannot be over-stated. If you think you won’t remember a long stream of characters, it’s not wrong to write them down somewhere safe – just don’t leave them on a sticky note on the computer screen.
First Line IT will carry out a ransomware vulnerability audit from £350 +VAT or four hours engineering time booked to your account. Please contact us for an informal chat about your risk levels and possible courses of action.