Trident’s Senior Systems Engineer, Byron Alston, explains what ransomware is, how to guard against it, and what to do when you’ve already been a victim of it.

What is ransomware?

“Ransomware is a sophisticated type of malware that is specifically designed to block the victim’s access to his or her files,” explains Byron. “It’s fairly prevalent and there’s not much that can be done once it’s on your computer.”

The most common way ransomware works is by encrypting data with advanced algorithms that are close to unbreakable. Once the files have been encrypted, the user will get a message demanding a price for the decryption code. Often the ransom payment has a time limit, which only increases the level of panic and willingness to make impulsive decisions. After the deadline, hackers will typically increase the ransom or destroy the data completely.

To make matters worse, ransomware can be spread amongst computers sharing a network. It frequently features data extraction capabilities, which means that data from the affected computer (usernames, passwords, email addresses, etc.) can be stolen and sent to a server controlled by cyber criminals. The inventory of things that ransomware can do keeps growing every day. Encrypting ransomware is a complex and advanced cyber threat which uses all the tricks available because it makes cyber criminals a huge amount of money. We’re talking millions!

My data is locked and I’ve already gotten a demand for money! Now what?

First, you need to isolate the computer where the ransomware originated, and make sure that none of the other computers on your network have been infected. Remove all suspected computers from the network immediately. Do this by disconnecting the Ethernet cable or the WiFi connection.

Byron gives three questions businesses can ask themselves when evaluating their next steps after falling prey to ransomware:

1) When was your most recent backup?

If you’ve been backing up your data on a regular basis then you are in luck. It may be possible to retrieve the large majority of your data, so you won’t even have to consider paying off your hackers.

2) How much time passed before you caught the virus?

Often there will be a file on your computer where the ransomware originated and it will have a time and date stamp on it. It takes a bit of time to encrypt files, so depending on when you halted the malware it may have more or less of an impact.

3) Is it more cost effective to rebuild my data or to pay the ransom?

From this point you should begin to assess which of your data is inaccessible. Believe it or not, when cyber-thieves receive their payment they usually honor their word and decrypt the files. If the hackers didn’t abide by this, people would have stopped paying long ago and it wouldn’t be such a profitable industry. “I would never recommend a business pay the ransom for cybercrime,” said Byron. “But I can understand why some companies feel the risk of losing their money is worth it compared to the data they might never get back.”
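The first two questions above can be answered from file timestamps once the machine is isolated. The following is an added example, not part of the original article: it takes the modification time of the file where the ransomware originated, the time of the last backup and the time the computer was disconnected, then lists which files changed during the encryption window. All file names and times are constructed, and because malware can alter timestamps the result is a first estimate only.

```python
import os
import tempfile
from datetime import datetime

def triage(root, origin_file, last_backup, isolated_at):
    """Classify files under root by mtime against the origin file's timestamp."""
    origin_file = os.path.abspath(origin_file)
    start = datetime.fromtimestamp(os.path.getmtime(origin_file))
    touched, untouched = [], []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.abspath(os.path.join(dirpath, name))
            if path == origin_file:
                continue
            mtime = datetime.fromtimestamp(os.path.getmtime(path))
            # Modified between the origin timestamp and isolation: restore from backup.
            (touched if start <= mtime <= isolated_at else untouched).append(
                os.path.relpath(path, root))
    return {
        "start": start,
        "encryption_window": isolated_at - start,  # question 2: time before it was caught
        "backup_gap": start - last_backup,         # question 1: work done since the backup
        "touched": sorted(touched),
        "untouched": sorted(untouched),
    }

def demo():
    """Build a constructed sample tree with fixed timestamps and triage it."""
    stamp = lambda *t: datetime(2024, 3, 5, *t).timestamp()
    sample = {  # constructed names and times, not taken from the article
        "dropper.tmp": stamp(9, 0),            # hypothetical origin file
        "invoices.xlsx.locked": stamp(9, 4),
        "payroll.docx.locked": stamp(9, 11),
        "archive/2019-report.pdf": stamp(7, 30),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, ts in sample.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("sample")
            os.utime(path, (ts, ts))  # set access and modification time
        return triage(root, os.path.join(root, "dropper.tmp"),
                      last_backup=datetime(2024, 3, 4, 23, 0),
                      isolated_at=datetime(2024, 3, 5, 9, 15))

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it against a read-only copy or image of the affected disk rather than the live system, so the timestamps being examined are not changed by the investigation.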

Top three ways to avoid ransomware:

1) Back up, back up, back up

“When it comes to ransomware,” Byron said, “The best thing you can do is ensure that you have adequate back-up solutions that are monitored regularly.”

2) Train your employees in simple IT security practices

The people who work for you could well be a weak link in your defense. Having trained personnel that are security-conscious is extremely important. Workers need to know what to look out for so they aren’t fooled by malware-infected emails or tricked into disclosing passwords.

3) Beware the unknown attachment

Byron believes most ransomware gains access to people’s computers through emails. Computer users should practice extreme caution, particularly when it comes to emails with attachments. Never open an attachment from an address that is not recognized, and try to have prior knowledge of any attachments that are coming your way. Delete any suspicious emails without opening them.