Did you know that a single infected PDF file can wipe out everything you have on your computer, with little to no chance of recovery?
2016 was the year of Ransomware. The possibility of being infected has risen as the threats have become more sophisticated. And 2017 is expected to be even worse. And it’s not just the big fish they are going after, as with the well-publicized infection of a Midwest hospital. They are going after individuals as well, and I have had 2 clients become infected. One lost years of photographs from extensive travel, while the other was lucky enough to have opened the infected file on a PC that didn’t have any real data.
For those not familiar, let’s start with Ransomware 101. Ransomware is a virus that is hidden in a file: not just executables, but PDF and Word documents as well. As the threat grows, attackers are finding even more ways to infiltrate computers and networks. Once infected, the unfortunate person has all of the data on their PC, as well as on mapped drives, encrypted. In the early days, it was using 128-bit encryption, and some of these have actually been broken and folks were able to recover. But now, most of the threats use 256-bit encryption, which means that there is little to no way to recover the files, with some exceptions.
Once the files are encrypted, the person that sent the virus leaves behind instructions to deposit bitcoins (a term we’ll discuss in a later post) into a unique account. And if done within 7 days, they will provide the key to decrypt your files. If not done in 7 days, the amount doubles, and continues to do so until paid, or they get tired of trying to extort money out of their prey. But, even if you pay, there is no guarantee that you will get the key, and there is no way to track the money or the people behind the request. Unfortunately, the best advice I can give in this case is to not pay, do your best to recover, and move on, because paying them only supports their efforts. If they didn’t make money, they would stop, but that’s not the case.
The best defense against this type of attack is backups. I can’t stress enough how important they are, not only to businesses, but to individuals as well. And you need to be sure that your backup is not accessible by the virus, because if it is, it will be encrypted as well, and you will not be able to recover.
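One way to check that point on your own machine, as an added example that is not part of the original post: the Python script below reports whether each backup location can be changed by the account you are logged in as, which is the same access a file opened by that account would have. The default paths are hypothetical placeholders; pass your own backup locations as arguments.

```python
import os
import sys
import tempfile


def can_create_files(path):
    """True if the current user can create (and so rename or delete) files here."""
    try:
        fd, probe = tempfile.mkstemp(prefix=".backup-probe-", dir=path)
    except OSError:
        return False
    os.close(fd)
    os.unlink(probe)
    return True


def first_overwritable_file(path):
    """Return one existing backup file the current user could overwrite, or None."""
    for root, _dirs, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            if os.access(full, os.W_OK):
                return full
    return None


def audit_backup_target(path):
    """Classify a backup location as seen from this user account.

    offline   - not mounted or not reachable right now
    exposed   - files can be created or overwritten, so malware could too
    read-only - visible, but this account cannot change it
    """
    if not os.path.isdir(path):
        return "offline"
    if can_create_files(path) or first_overwritable_file(path):
        return "exposed"
    return "read-only"


if __name__ == "__main__":
    # Hypothetical default locations; pass your own backup paths as arguments.
    targets = sys.argv[1:] or ["/Volumes/Backup", "/mnt/backup"]
    for target in targets:
        print(f"{audit_backup_target(target):10} {target}")
```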
Personally, I back up my computer every hour (I’m a Mac user, so Time Machine takes care of that) and I also back up a full system image every night. I know it sounds like a belt and suspenders type of approach, but one makes file level recovery easy, while the other makes it easy to recover when the entire system needs to be restored.
I use a similar approach with my clients. There is an on-site hourly backup, followed by having the backup copied off-site to my data center space. The data center is close enough that I can get a copy of the system quickly and recover in a short period of time. For those that use other major cloud providers for backup, you have no idea where your data is stored, and it could take days to get a system image for recovery, and weeks if you need them to send you a copy.
So, the moral of this story is back up, and then back up your backups. If you are unlucky enough to be hit with one of these viruses, you will be glad you did.
Statistics and additional information on Ransomware in 2016 can be found here: http://bit.ly/2k0eotA
John Carney, President and Chief Technology Therapist at Carney Consulting LLC can be reached at 484-228-8284 or visit his website at www.carneyconsulting.com