The Rise of Ransomware

Ransomware infections are increasing at an alarming rate.  It can happen to you and your business. 

A handful of our clients have experienced ransomware attacks, so don’t think it can’t happen to you. It is happening everywhere and the instances of ransomware are on the rise. Your best approach is to educate yourself about ransomware and to take precautions.

What is Ransomware?

Ransomware” attacks such as CryptoWall, CryptoLocker, Locky, TeslaCrypt and other similar malware are malicious viruses that encrypt data on your local hard drive. Once the data is encrypted, they demand you to pay money for the encryption key or you cannot access your data.

Where Does Ransomware Come From?

Ransomware comes from a lot of places. One of the most common places is email attachments. Criminals send out tens of thousands of emails with innocent-looking attachments that when opened infects your computer. Ransomware can also come in the form of an infected popup advertisement or an infected website.

What is the Impact of Ransomware?

Unfortunately, ransomware has become such a big issue that the US Government has had to issue an alert, warning businesses about it as it can have huge consequences including:

  • Temporary or permanent loss of sensitive or proprietary information

  • Disruption to regular business operations

  • Financial and down-time losses incurred to restore systems and files

How is Your Computer or Data Held Hostage?

There are a few ways that your computer can be held for ransom. It used to be typical of ransomware to show a full screen pop-up stating "THIS COMPUTER HAS BEEN LOCKED" and demanding payment to an account to unlock the computer. This would not harm the computer or its files and could easily be removed by an antivirus or an IT technician.

Cyber criminals have changed their tactics and now change the files on a system to be unreadable until the ransom is paid. These attacks happen in the background and only announce themselves after all the files have been affected. These attacks work by using a key to encrypt the files and the user is only given the key after payment is received. And sometimes not even then. Most ransomware attacks will also reach out across your network to encrypt files in shares on other workstations or servers.

How Can You Protect Your Business From Ransomware?

It's important to be prepared for a ransomware attack, because after it happens, it will be too late and your files will be lost forever. The best practices for protection are the following:

  • Keep an offsite back-up of your important files and data. Ransomware is 100% ineffective when you have a copy of your data outside of its reach.

  • Be sure to restrict access to files and folders to only those people that need access.

  • Be smart when browsing the Internet. Many shady download sites are propagators of ransomware. If you are downloading software, be sure to get it from its official website. Be wary of coupon and savings websites promising ludicrous discounts.

  • Don't open email attachments unless you know the sender and are expecting the email. If you are unsure of the validity of an attachment, ask a member of your IT department if it is safe to open.

  • Use reputable antivirus software and a firewall. Keeping your security software up to date is key in avoiding attacks.

  • Make use of your popup blocker. Not only are popups frustrating interruptions, they are a heavily used tactic by cyber criminals.

What Steps Do You Take if You Are Infected with Ransomware?

If you end up getting a ransomware infection, you will find yourself unable to open files, or they will open and the contents will be nonsense. You may also find yourself with a window stating "Your files have been encrypted" and that to decrypt them you need to pay bitcoins. We do not recommend paying the ransom.

If you have a ransomware infection:

  • Disconnect from the Internet and your local network. You can do this by unplugging the network or turning off your WiFi adapter.

  • Then contact a member of your IT department. DWD’s network engineers are also available to assist with removal of the virus.