Company hit by Ransomware?

So what is Cryptolocker and Ransomware? You’ve likely heard about it on the news and Internet. Ransomware is a classification of malicious software that encrypts data on your computer and potentially your entire business network, then demands you pay a ransom in order to decrypt your data.

The fee is anywhere from a few hundred dollars to thousands depending on which variant of the infection you have.

To make things worse, most antivirus and anti-malware software is unable to stop it. This virus is incredibly well designed and actually masks itself as a different type of file. It will usually enter your network via a finely crafted email that may look like it came as a scan from your photocopier or a FedEx delivery message etc.

Once you open the file, the infection will run like wild fire through your computer encrypting nearly any file you have access to. It will also connect to any network drive, across your network and into your server files or any other shared files and folders on other computers on your network.

If you don’t catch it fast, or if this happens on a Friday afternoon and it runs all weekend when your office is closed, consider your data gone. There is no way to get your data back without doing one of two things:

Pay the ridiculous fee and hope these guys actually give you the decryption key.
Restore your data from backup.

Those are the options. This is why it is INCREDIBLY IMPORTANT to make sure you always have up to date and working backups. If you’re a business owner and have an IT company managing your technology, make sure it is top priority to have your backups tested on a regular basis!

I cannot stress that enough. TEST YOUR BACKUPS REGULARLY to make sure they are working when you need them. There’s nothing worse than having a server crash or a virus infection like Cryptolocker wipe out your entire server and then finding out your backups haven’t been working for the past weeks, months or even years!

This can end your business permanently!

An ideal backup solution will include local backup to some sort of file storage device like a NAS (network attached storage) device or even a large USB drive connected to your server. Make sure you’re doing full image backups meaning everything is included. Files, settings, programs, the entire operating system should be included.

Doing full image backups will take up a lot more space but it will make for a much faster recovery time if you ever need to rebuild your server. Faster recovery means less downtime for your office and will minimize any lost revenue due to office closure.

In addition to a local backup, you’ll also want off-site storage. In the old days this meant changing tape cartridges in your server every day and taking them to your home or safety deposit box on a regular basis. Nowadays, online backup is the way to go. Work with your IT company or do some digging on Google to find a backup solution that includes offsite cloud storage of your data.

Make sure you are conscious of were your offsite data is stored. There are restrictions in some cases as to where your data can geographically reside. Law firms in Canada for example (at time of writing this post) must have their data stored ideally in the same province and must remain in Canada.

As you can see, dealing with Cryptolocker Ransomware is a very scary task for any business. If you haven’t been affected yet, consider yourself lucky and take the time now to make sure your backups are in good standing.

For those that have been affected, you’ll now likely never forget to check your backups again. This is a good thing and I wish more companies put a higher priority on testing their backups regularly and didn’t need something like Cryptolocker Ransomware to scare them into it.

So what steps should you take to prevent Cryptolocker Ransomware? Most are quite simple:

  1. Educate your staff and make them aware of this post and related articles online. The more fear they have, the safer they will be.
  2. Make sure staff don’t have administrative rights on their local computer or the network.
  3. Implement a solid antivirus, anti-malware and email filtering solution.
  4. Oh yeah, did I mention MAKE SURE YOUR BACKUPS ARE WORKING and make sure you have an off-site backup because Cryptolocker can infect your backups as well!

Dealing with Cryptolocker Ransomware if you’ve been infected:

  1. If you cannot immediately identify which computer is infected (you’ll usually see a popup message with some kind of ransom page) then shut off every computer in your office including the server.
  2. Call your IT company and tell them what has happened, they’re likely to be very familiar with the issue and have a game plan ready to go.
  3. Assess the damage with your IT company.
  4. Restore from backups or pay the ransom.
  5. Use this as an opportunity to review your backup solution and what could have been done better.

Most importantly, try not to panic as this will only cause more stress and chaos at your office and may lead to bad decisions being made. You need to involve the professionals when dealing with Cryptolocker Ransomware. Call your IT company and work with them to resolve and restore.