In the past few months I have seen an increase in the number of manufacturers impacted by ransomware. The infection typically starts when an employee clicks on a link or attachment. The email is often a very official-looking message that mimics something they may regularly receive.
When activated, the ransomware plants a program on the computer and quietly starts encrypting data. The data may be on your local computer or on any network storage you have access to. This includes dozens of file types including databases, spreadsheets, documents and images.
After it has quietly encrypted thousands of files, you will receive a message directing you to pay a ransom if you want to access the data. Many times businesses also discover the problem when people start reporting they can’t retrieve a file they frequently use but instead they get an error message.
Often the request for payment requires a short timeframe and must be paid in Bitcoins. The typical amount requested is not that high–enough to hurt but not enough to be entirely out of the question. Many who have paid the ransom report that their data was unlocked once payment was received. Others have decided to recover the data from a good backup and only lose some of the last few changes. All victims lose productive business time which is expensive; a large company can lose into the six figures and beyond. Ransomware has become a big business and authorities estimate that Cryptowall has taken in over $18 million so far.
Ways to combat this malware include:
- Frequent backups that are tested and able to be quickly recovered
- Ongoing employee education and testing around malware
- Regularly applied operating system updates and patches
- Malware protection on every machine
If you have been infected:
- Unplug all computers from the network immediately. Test each computer before reconnecting to the network.
- Either pay the ransom or restore the data
- Verify what data is still missing and fill in the gaps
A well-managed network is a lot less likely to fall victim to ransomware. But because the problem begins with user error it is important to regularly coach employees on malware attacks and how to avoid them.
The above article was provided by John Burton, President of of AIV member NPI, a technology management company located in South Burlington.