Keeping your Data Safe in the Ransomware Era

Is your data safe?

The short answer is probably not, even if it was reasonably safe in the past.

Unfortunately, we are now in the era of “ransomware,” a relatively new type of malware that is capable of destroying extensive data on any system.

Here are a few aspects of ransomware we should all be aware of:

  • The primary motivation of ransomware is to demand and obtain a payment from you. Ransomware usually demands a payment via an on-screen pop-up message after your files are locked up with a military-grade encryption algorithm.
  • Paying the ransom that is demanded (typically a Bitcoin-based payment) will sometimes fail to unlock your data, potentially causing permanent loss of your information.
  • The best known current ransomware programs are named CryptoLocker and CryptoWall. Search for either one of these names and you will find many articles with more information.
  • Even properly updated mainstream anti-virus software is often unable to detect and block some ransomware programs.
  • Ransomware programs typically destroy the data on your individual workstation, and also encrypt or destroy any data that your system can access on other workstations or network servers. There is normally no visible sign or evidence that the ransomware program is destroying your data while the process is underway.

Until a few years ago, before the new era of “ransomware” computer viruses, the usual practice for a business to reasonably protect its data was to run a nightly backup and to use a mainstream anti-virus program to prevent most malware and virus problems in the first place.

Unfortunately, a nightly backup and basic anti-virus software are no longer adequate to provide a reasonable degree of protection for your data.

Again, it's not just “your” data that is at risk of destruction. Any data you or others within your organization have the ability to access and change is also at risk. It is typical for newer ransomware viruses to “reach out” and destroy anything that an infected computer has the ability to access.

Remember, the whole point of a computer network is to share data, so it is typical for even a non-management user on a company network to have access to most of a company’s data. Unfortunately, that puts all of that data at risk from a ransomware-style attack.

Protecting your data: our recommendations

First, invest some time understanding how your data is currently protected. Here are some questions to ask your Bayside IT consultant:

  • How often is your data backed up? Recognize that a ransomware-style attack will usually result in the loss of ALL of your data back to the last time you backed up. How would the loss of all changes made to your data since your last valid backup affect your business?
  • How much would it cost to restore my system in the event of a Crypto-type attack? How long would my office be down? What data would we likely lose? How could we make our data more resistant to attack or loss?
  • Have the computer users in my office received any type of computer security training? Can they recognize the difference between valid and malicious email attachments or web links? Most computer infections are brought into an office by poorly trained users who click on a malicious attachment or install a "freeware" program onto their system.

General recommendations:

  • Run two forms of backup, ideally a cloud-based and an internal backup system.
  • It is critical to run two forms of backup: if one backup method fails temporarily, you must have an additional solution in place to maintain protection for your data.
  • You should run some form of “continuous backup” that works to protect your data throughout the day, as your files or databases change and are updated. Examples of this type of protection include frequent storage drive snapshots, SQL database replicas, and file-system cloud backups such as Carbonite.
  • Review the following “safe computing” article. In my opinion, having some “street smarts” as an Internet user is more important than just about anything else - even MORE important than running anti-virus software.
  • Arrange for your users to complete an online computer security course. Knowbe4.com and Trustwave.com are two major providers of this type of service, and there are many other similar providers.
  • Designate a responsible internal employee to monitor the backups in your office. Establish a process where that person regularly reports to their manager or the company owner and confirms that your backups are running properly.
  • Confirm that your cloud backup is set up to notify the designated responsible person and their supervisor of any failures.
  • Carefully avoid storing data on your local workstations unless they are also backed up!
  • As a reminder, Bayside networks does not supervise your data backups.
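
As an added illustration of the monitoring recommendations above (example code written for this article, not a Bayside tool), the Python script below checks how old the newest file is in each of two backup locations and produces a one-line status for the designated person. It assumes each backup job writes files into a folder the script can read; the labels "internal" and "cloud", the file name and the 24-hour limit are hypothetical.

```python
import os
import tempfile
import time

def newest_mtime(root):
    """Newest file modification time under root, or None if no files exist."""
    times = [os.path.getmtime(os.path.join(d, f))
             for d, _dirs, files in os.walk(root) for f in files]
    return max(times) if times else None

def check_backups(targets, max_age_hours, now=None):
    """Map each backup label to (status, age_in_hours)."""
    now = time.time() if now is None else now
    report = {}
    for label, root in targets.items():
        newest = newest_mtime(root)
        if newest is None:
            report[label] = ("MISSING", None)  # folder absent or empty
        else:
            age = round((now - newest) / 3600, 1)
            report[label] = ("OK" if age <= max_age_hours else "STALE", age)
    return report

def summarize(report):
    """One line suitable for the message sent to the responsible person."""
    bad = sorted(label for label, (status, _) in report.items() if status != "OK")
    if not bad:
        return "OK: all backups are current"
    # CRITICAL means neither form of backup is current
    level = "CRITICAL" if len(bad) == len(report) else "WARNING"
    return f"{level}: no current backup in: {', '.join(bad)}"

def demo():
    """Constructed sample: internal backup 2 hours old, cloud copy 30 hours old."""
    now = int(time.time())
    with tempfile.TemporaryDirectory() as tmp:
        targets = {}
        for label, hours in (("internal", 2), ("cloud", 30)):
            targets[label] = os.path.join(tmp, label)
            os.makedirs(targets[label])
            path = os.path.join(targets[label], "backup.img")
            open(path, "w").close()
            os.utime(path, (now - hours * 3600,) * 2)  # backdate the file
        return check_backups(targets, max_age_hours=24, now=now)

if __name__ == "__main__":
    print(summarize(demo()))
```

A recent timestamp only shows that a backup job wrote something, not that the data can be restored, so a periodic test restore is still needed. A backup folder that an ordinary workstation can write to is also within reach of ransomware running on that workstation.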

With ransomware, what you don’t know or aren’t prepared for really can hurt you. The good news is that with a little extra preparation and a minimal investment of time you can manage this risk successfully.