A few of our customers have been victim to a new and growing threat called ransomware.
Ransomware is a type of malware that attempts to extort money from a computer user, by infecting or taking control of a victim’s computer, or the files or documents stored on it.
The following occurs:
- Encrypts files so that you can’t use them.
- Encrypts personal files, such as documents, spreadsheets, pictures, videos.
- The victim can use the computer to do anything except access the encrypted files.
- Files are deleted once they are encrypted and generally there is a text file in the same folder as the now-inaccessible files with instructions for payment.
Simple tips to protect your data from ransomware.
- Back up your files regularly.
The only way to ensure that you can immediately handle a ransomware attack is to implement a regular backup schedule so that your company can get access to the files it needs without dealing with the cybercriminals. Your backup should have certain restrictions, such as read/write permissions without an opportunity to modify or delete the files.
- Smart It Databases
Never copy the Smart It database file (.FDB) directly because it could corrupt the running database and the copy!
Always use the backup function instead. You can freely copy the back files (.BKP and .BKP.7Z)
- Cloud or Remote Backups
It is a very good idea to use cloud storage such as Dropbox to keep a safe offsite backup which stores multiple versions.
Copying weekly backups to an external hard drive or USB drive and storing it at home in a safe is also a good disaster recovery option.
- Check your backups.
There are times when something can damage your files, or your Dropbox runs out of space. Be sure to check regularly that your backups are in good shape.
- Protect against phishing attacks.
Cybercriminals often distribute fake email messages that look like an official message from a vendor or bank, luring a user to click on a malicious link and download malware. Teach employees that they must never open attachments (albeit on skype) from an unknown sender or even suspicious attachments from a friend in case they have been hacked.
- Trust no one.
Or rather, trust but verify. Malicious links can be sent by your friends or your colleagues whose accounts have been hacked. Let employees know that if they receive something out of the ordinary from anyone, they should call that person directly to verify that they sent it and find out if their accounts have been compromised.
- Enable ‘Show file extensions’ option in the Windows settings.
This will make it much easier to distinguish potentially malicious files. Because Trojans are programs, employees should be warned to stay away from file extensions like “exe”, “vbs” and “scr.” Scammers could use several extensions to masquerade a malicious file as a video, photo, or a document.
- Regularly update your operating system.
Cybercriminals tend to exploit vulnerabilities in software to compromise systems. We recommend enabling automatic updates.
- Use a robust antivirus program to protect your system from ransomware.
But if ransomware hits…
- In 99% of cases your data is gone forever!
This is the reason why having a solid backup plan in place is crucial.
- Cut off your internet connection immediately.
If you discover ransomware, shut off your internet connection right away. If the ransomware did not manage to erase the encryption key from the computer(s) in question, then there is still a chance you can restore your files.
- Don’t pay the ransom.
If your files become encrypted, we do not recommend paying the ransom unless instant access to some of your files is critical. Each payment made helps the criminals to prosper and thrive to go on to build new strains of ransomware.
- Try to identify the malware.
If you are hit by ransomware, try to find out the name of the malware. Older versions of ransomware used to be less advanced, so if it is an earlier version, you may be able to restore the files.