Ransomware

I would like to talk a little bit about ransomware. For those who don’t already know, ransomware is a type of malware that, once it infects a system, encrypts all the data on that system, in some cases even reaching out to network drives that are shared from a server. Once the data is encrypted, the only way to decrypt it is with the decryption key, which the attacker will gladly supply to you for a fee, normally paid in Bitcoin. Anti-malware software has struggled to prevent these types of attacks because, by the time they leave a trace that they exist, files have already been impacted. So, with prevention being very difficult, what do you do to combat this threat?

In this case the best defense is a strong offense. First and foremost, safe computer use is a must. Most ransomware is spread through people opening infected email attachments; if you don’t know the sender, you shouldn’t open the attachment. The next line of offense against these attacks is to make sure the data is safely backed up, and the easier it is to recover from that backup, the better position you will be in. At my work we use, as well as sell, a product called Datto to back up all of our critical machines; this product has proven to be worth its weight in gold when we were struck with a ransomware attack. We have also experienced similar issues at some of our customers’ sites, and the Datto easily recovered the impacted files. These backups allowed us to take the infected machine, clean it, and then simply delete the encrypted files and replace them with the backup copies. An inconvenience, but hardly the devastation of paying thousands of dollars in ransom or permanently losing the files.

For the home user a solution like Datto would be pricey and overkill, but there are solutions out there that are priced right and aimed at the home user. While I have no personal experience with them, I have heard good things about companies like Mozy Pro or Carbonite for the home user. These solutions are nowhere near as robust as the Datto, and absolutely not the right fit for a business, but they come in at a price point and simplicity that the home user can benefit from.

When it comes to defending against ransomware, you need to keep one thing in mind: you need a backup that lets you go back to what the files looked like a day or two ago, so you can recover them from before the infection occurred (this is called versioning). Many people use services like Google Drive, Dropbox, or Microsoft OneDrive and assume they are protected. The fact is that those programs are designed to make it simple to share files, not to protect them. Yes, if you had a hard drive failure you could recover the data you saved in the cloud, but if that data is changed, such as by being encrypted, that change is replicated out to the cloud as well. So if you are hit with ransomware, those thousands of pictures of your kid on your Google Drive account will be encrypted and useless unless you have a versioned backup of those files that you can go back to from before the infection happened.
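The difference between sync-style replication and a versioned backup can be shown in a few lines of Python. This is an added example, not code from the original post or from any product it names; the function names, the `photo.jpg` file, its contents and the day numbering are assumptions constructed for the illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def sync_mirror(src: Path, mirror: Path) -> None:
    """Sync-style replication: the mirror keeps only the latest bytes of each file."""
    shutil.copytree(src, mirror, dirs_exist_ok=True)

def take_snapshot(src: Path, store: Path, day: int) -> None:
    """Versioned backup: blobs stored by SHA-256, plus one manifest per day."""
    (store / "blobs").mkdir(parents=True, exist_ok=True)
    manifest = {}
    for f in (p for p in src.rglob("*") if p.is_file()):
        data = f.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        (store / "blobs" / digest).write_bytes(data)  # unchanged files reuse a blob
        manifest[f.relative_to(src).as_posix()] = digest
    (store / f"manifest-{day:04d}.json").write_text(json.dumps(manifest))

def restore_as_of(store: Path, day: int, target: Path) -> int:
    """Restore the newest snapshot taken on or before `day`; return its day number."""
    days = [int(m.stem.split("-")[1]) for m in store.glob("manifest-*.json")]
    chosen = max((d for d in days if d <= day), default=None)
    if chosen is None:
        raise LookupError("no snapshot predates the requested day")
    manifest = json.loads((store / f"manifest-{chosen:04d}.json").read_text())
    for rel, digest in manifest.items():
        dest = target / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_bytes((store / "blobs" / digest).read_bytes())
    return chosen

def demo() -> dict:
    """Constructed scenario: clean on days 1-2, file overwritten on day 3."""
    clean = b"original picture bytes"  # constructed sample content
    with tempfile.TemporaryDirectory() as tmp:
        src, mirror, store, out = (Path(tmp) / n for n in ("docs", "mirror", "store", "out"))
        src.mkdir()
        for day, content in enumerate((clean, clean, b"unreadable ciphertext"), 1):
            (src / "photo.jpg").write_bytes(content)  # day 3 stands in for encryption
            sync_mirror(src, mirror)
            take_snapshot(src, store, day)
        return {"snapshot_day": restore_as_of(store, 2, out),
                "mirror": (mirror / "photo.jpg").read_bytes(),
                "restored": (out / "photo.jpg").read_bytes()}

if __name__ == "__main__":
    print(demo())
```

After day 3 the mirror holds only the overwritten file, while restoring as of day 2 brings back the original bytes. If no snapshot is old enough, `restore_as_of` raises instead of silently restoring damaged data.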

If you don’t have your files backed up and they are important to you, you can always pay the ransom. But remember, there is no honor among thieves: you are dealing with criminals, and while statistics have shown that most of the time they make good on providing the decryption key if the ransom is paid, there is no assurance they won’t just take the money and run.