The problem is not well known to many people. Many individuals, companies, and organizations around the United States learn about it only when they are directly exposed to it through an infected computer or network environment. Others might be fortunate enough to learn about it in advance and can make the effort to protect themselves.
The threat is called ransomware (also known as extortion-ware; Cryptowall, a specific version, has also become a descriptive word for it). It is a sophisticated method whereby a criminally motivated virus infects a computer and encrypts as many files as possible, making them inaccessible. The owner is then given a message stating that they must pay money in order to have their files decrypted for use again.
The virus typically comes in the form of an email attachment or a link in an email that opens a web page that downloads the virus. The virus can also be spread via infected files, flash drives or from another infected computer on the same network.
There is no limit to the file types that are encrypted and made useless by this virus: documents, spreadsheets, presentations, PDFs, pictures, videos, and databases are all at the mercy of this threat. Accounting databases such as those in QuickBooks, tracking spreadsheets, AutoCAD designs, website page files, family photo albums, and other file types are all vulnerable to this threat.
Many cloud file sharing and backup services are also impacted by this virus, including Google Drive, Dropbox, and Carbonite.
Many companies are not taking precautions to prevent ransomware infections or limit the impact of an infection. Many IT personnel and departments are not recommending the proper efforts, either.
Those who are trying to take precautions to stop this threat are still being infected, as hackers are constantly recoding their viruses to get around many antivirus and network protection hardware and software products.
The threat is ever increasing as criminals see it as a lucrative means of extorting money from individuals and businesses. Ransomware is responsible for generating an estimated 400 million dollars each year from US companies that have been infected.
Typical Responses to Ransomware
Those infected with this nasty criminal virus have two choices:
- Pay the ransom being asked and hope that the extortionists send them the decryption software to give them access to their files.
- Lose all of their files, wipe their system clean, and start over.
If you pay, the criminal will usually ask for payment in Bitcoin, a digital currency that cannot be traced. Even if payment is made in another form, reporting the incident has very rarely led to an arrest. These criminals are most commonly in Eastern European nation states or China. In those rare situations where an arrest has occurred, the files and money are not recovered.
Properly Responding to Ransomware
Managing a ransomware infection depends on the value and impact of what has been affected. It can be scary and daunting when you’ve discovered that ransomware has taken hold of your business computers and even servers.
If you’re an individual, it might be best to accept the loss of the documents, photos, and other items affected.
If you’re a company, you have to look at the value of the data you’ve lost and make a decision about how to proceed.
An infection makes those responsible for a company question many aspects of their network and data security. There is often anger toward those responsible for bringing the virus into the company, which can be anyone from the owner to an intern.
The action that brought a ransomware virus onto a company computer or device is nearly always an accident. An email that looks legitimate is most often the cause, and anyone can be misled by such a situation.
Responding properly can be a nerve-wracking task. Our company can assist in mitigating the damage caused by ransomware and assessing the situation to see if recovery of some or all data is possible. Sometimes, the solution is to attempt paying a ransom through a careful process.
If your company has been infected, reacting quickly is important. Reach out for help as soon as possible so action can be taken.
There are various software, hardware, and policy actions that can help prevent ransomware infections and limit the damage caused by them.
Clarity Business IT Solutions can help install and implement these items, which can help reduce the threat and subsequent damage. We have helped companies both in mitigating ransomware infections that have affected their shared files and in implementing systems that prevented infections in the first place.
The process of protecting or responding can be unclear. We want to bring clarity by helping you understand what’s needed and why.