Coffee in hand, you’re preparing to read through your new emails as you start your day. You anticipate a productive day today. Yesterday you stayed 3 hours late to complete your big presentation, 2 days ahead of schedule, and you’re basking in the glow of the satisfaction of a difficult job well done and being ready early. How often does that happen?
You have Outlook open and are starting to review the newest emails when all of a sudden, a window pops up with bold text:
!!! IMPORTANT INFORMATION !!!
All of your files are encrypted with RSA-2048 and AES-128 ciphers.
Huh?!?! What does this mean?
It means your day has taken a turn for the worse… You have just been notified that the Locky Ransomware has just completed its work on your system by encrypting all of your files (rendering them useless) and is now demanding payment from you to get your files back. Depending on the sophistication of the Locky variant, it will ask you for anything between 1-15 Bitcoins (Bitcoins are trading for $1,205.00 at this time). This may depend on what it perceives the value of the stolen files to be. Server infections typically demand larger sums. Instructions are included on how to make payment with the guarantee that if payment is made, you will receive a key to unlock your precious files.
What can you do? Your mind is racing. How can this happen?!?! Your heart rate is increasing rapidly! Put down that coffee… take a few deep breaths. This represents anything from an irritating interruption to a disaster of epic proportions. What you have done up to this point will determine the impact of this event.
If you have good backups, this represents a minor inconvenience. If you don’t have backups at all … you will have to decide if you’re going to count your losses and move forward or consider paying the Ransom. After all, there is honor among thieves … or is there???
How can you avoid being in this situation?
There are several things that can be done before you are in this situation to “reduce your surface of vulnerability” and to recover without great loss.
- Backup your data.
Good backups cure many woes. You may not use your backups for months or even years, but when the need arises, you want to be sure you can recover to a point where you can feel whole again.
- Purchase Advanced AntiVirus and AntiMalware and keep it up to date.
Many of todays Advanced AntiVirus/AntiMalware programs will monitor your system for behavior that looks like ransomware at work and shut it down before it gets too far. Some will not.
- Do not open attachments or click on links in the email from unknown sources.
If you need to open attachments, scan them for malware first. Many people are fooled by Human Engineered emails that “look” legitimate but have attachments or links that are masked in some clever way.
- Limit user access to data they need.
Although this doesn’t help with avoidance, it will certainly help to minimize the impact if it happens. If everyone has access to everything, that means if one person becomes infected, they have the capability to cause encryption of ALL data they can see.
- Train your staff on proper Business Security Best Practices and to be aware and vigilant. If your data is important to your business, it needs to be handled as such.
There are other “Best Practices” that can be employed to safeguard your data and business. Take a proactive approach and avoid the reactive. In the long run, the reactive approach will cost much more in time, money, and grief. Give Bryley Systems a call (844.449.8770) to discuss what you can do to improve your overall security, efficiency, and cost … and enjoy that coffee!