What is Ransomware?

Ransomware is a generic term for a computer virus that encrypts, or locks, computer files and folders with a password/encryption key unknown to the computer owner. The individual or group responsible for the virus threatens to keep the information locked indefinitely or permanently delete it unless a monetary ransom is paid. One of the most well-known ransomware viruses is CryptoLocker.

How does my computer get infected?

Like most viruses, a ransomware virus is most commonly introduced onto a computer or computer network through the actions of a single, unsuspecting employee.  The following are examples of how someone can unintentionally acquire the virus:

  1. Email – this is the most common way of receiving a ransomware virus. Emails are “spoofed” to look like they are coming from a legitimate source.  Attached will often be a PDF document that the reader is tempted to open due to the genuine appearance of the email.  Once opened, the ransomware is installed and executed on the recipient’s computer.
  2. Website – when surfing the web and downloading free or even purchased content like music, games and software, a virus can be embedded in the download “package” and secretly installed along with it.
  3. Thumb-drive – these infected devices are typically left behind on the floor or in a public location. The curiosity of the individual who finds the device prompts them to plug it into a computer to see what’s on the drive. As soon as the drive is accessed, the virus is installed and infects the computer.

How bad can it get?

Like most viruses, ransomware infects as much as it can get to. This is usually determined by the permissions of the user who allowed the virus onto the computer. Therefore, if the user only has access to the human resources files, those will be the only ones infected. However, if the user is an administrator and has access to all files on the computer, server and network, then the virus can infect every company file and folder, ultimately bringing the company to its knees.

How do I protect myself and my organization from these viruses?

  1. Anti-SPAM software – ensure your email is being scanned for SPAM prior to reaching your email server. Many known illicit senders are blocked by SPAM filter software before they ever reach your computer.
  2. Anti-virus software – good anti-virus software will prevent viruses from being downloaded, installed and opened from a variety of sources. Unfortunately, the only way the anti-virus software company knows about a new virus is when someone gets infected (i.e. someone has to be the first victim).
  3. Backup – no matter how vigilant your organization may be, a virus can ultimately find its way onto your computer. Therefore, it is critical that you always back up your critical company information, keeping multiple generations (i.e. versions) of every file so that you can recover to a version that was backed up prior to the virus infection.
  4. Limit Authorization rights – grant employees access to the files and file shares required to do their job and no more than that. Separate files by job responsibility, security and privacy level into different folders with separate permissions. Administrative users should have two accounts – one used when they need to do specific, network-wide changes (i.e. admin work) and one for daily work that doesn’t require as much access (most of their daily work should be done using this account).
  5. Policies and procedures – it is critical that the organization’s employees know what is and isn’t permitted while on a computer at work. Policies around email use, website surfing and file sharing controls need to be documented and shared on a regular basis, with clearly established consequences.
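
To make item 4 and the "How bad can it get?" point measurable, the following added example (not part of the original article) counts, per top-level folder of a share, how many files a given account could modify. It assumes POSIX mode bits only (no ACLs, non-root account); the folder names, sample files and the "admin"/"daily" accounts are constructed for illustration.

```python
import os
import stat
import tempfile
from collections import Counter

def writable_by(st, uid, gids):
    # POSIX mode bits only (assumption: no ACLs, account is not root).
    # Directory write permission (delete/replace) is not evaluated here.
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def exposure_by_folder(root, uid, gids):
    """Map each top-level folder to (files the account can modify, total files)."""
    writable, total = Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        top = "." if rel == "." else rel.split(os.sep)[0]
        for name in files:
            st = os.lstat(os.path.join(dirpath, name))
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and special files
            total[top] += 1
            writable[top] += writable_by(st, uid, gids)
    return {folder: (writable[folder], total[folder]) for folder in total}

def build_sample_share(root):
    """Constructed sample data: three folders with different permission levels."""
    layout = {"hr": 0o660, "finance": 0o600, "public": 0o666}
    counts = {"hr": 2, "finance": 2, "public": 1}
    for folder, mode in layout.items():
        os.makedirs(os.path.join(root, folder))
        for i in range(counts[folder]):
            path = os.path.join(root, folder, f"doc{i}.txt")
            with open(path, "w") as fh:
                fh.write("sample\n")
            os.chmod(path, mode)
    st = os.lstat(path)
    return st.st_uid, st.st_gid

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        owner, group = build_sample_share(share)
        # Hypothetical accounts: the file owner (admin) and a group member (daily).
        for label, uid in (("admin", owner), ("daily", owner + 1)):
            print(label, exposure_by_folder(share, uid, {group}))
```

Run against a real share with the uid and group ids of a daily-use account, any folder where the writable count is above what the job requires is a candidate for tighter permissions.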

To learn more about information protection and preservation strategies, visit us on the web at www.site2.com, or contact Scott Murray at 877-SITE-TWO, ext. 5312.