Houston (281) 807-2700
San Antonio (210) 225-5427
Austin (512) 433-4700
Get In Touch

Ransomware

What isย ransomware?

Ransomwareย is an unusual type of threat because it holds your files for ransom while leaving your systems essentially otherwise operational. A piece of malicious software enters your network and applies an encryption algorithm to your computer files, rendering them unavailable. The files are still there, and you can see them in a file structure, but you will not be able to open them with any program. Additionally,ย ransomwareย affects not just the device you are using, but any connected storage devices and mapped network drives. As a result, this type of malware poses a serious threat to your information systems. One infected device can bring your operations to a standstill. The person or group behind the attack provides information as to how to submit a payment, and in exchange, they will provide the decryption key. The attackers demand payment in some form ofย cryptocurrency, in order to maintain anonymity.

Some victims ofย ransomwareย attacks have not been confident in the integrity of their data backups and have paid the ransom to obtain the decryption key, and others have paid the ransom and obtained a key which did not decrypt the files. Both situations can be very expensive to your business.

How doesย ransomwareย gain entry to my network?

The purveyors ofย ransomwareย can inject the malware into seemingly innocuous documents, like invoices or estimates, or they can use internet links in an email to direct a user to a site that automatically starts a download and installation of the program. Documents containing macros provide an excellent opportunity to run the installer package without requiring direct interaction from the user. Some forms ofย ransomwareย take advantage ofย unpatchedย and unsolved vulnerabilities in the configuration of your devices and systems.

What are the most effective steps I can take to protect my business?

1. Deploy updates and patches in a timely manner. The operating system and application patches should be tested as soon as they are available, and applied to your systems as soon as your team can verify compatibility. Patching vulnerabilities will reduce the number of waysย ransomwareย can execute itself in your systems.

2. Ensure that your technology team has an effective backup and restore process, and that they are able to fully testย a restoreย from backup. Having a backup and restore procedure that you have validated will allow you to return your business to normal without paying an exorbitant ransom, still running the risk of not being able to decrypt the data.

3. Know the devices on your network and implement the same security procedures on any employee-owned devices touching your network that you have implemented on your business-owned devices. Maintain separate profiles on mobile devices, if possible, allowing only the business-facing profiles access to your network.

4. Disable SMB v1 on all devices on your network. SMB v1 is an outdated protocol and was the window that the creators ofย WannaCryRansomwareย exploited a few years ago. There may be some favorite processes that fail with the disabling of this protocol. If this is the case, you will need to perform a risk assessment against the cost you will incur with aย ransomwareย attack.

5. Ensure that all your employees understand the hazards of active content like macros, and that they exercise caution in using them. Train them as well not to execute macros on documents received from external sources. Common documents like invoices do not need macros enabled, and in fact, such documents should be saved without active content before sending. If necessary, ask your vendors to send only documents without active content. Ensure as well that the appropriate teams understand the billing and payment cycles, and that they become suspicious of out-of-cycle documents and requests.

6. Train employees to be extremely cautious about clicking on links in emails. Messages with links unrelated to your line of business, messages themselves unrelated to your line of business, and messages with spelling and grammar errors should raise suspicions. Your employees should also not use links in emails to connect to websites of business contacts unless the employees have verified with the sender that the link is expected, and an explanation of the necessity of the link. When calling contacts to verify the validity of links in emails, employees should use their own contact source, such as a corporate address book, rather than a phone number in the message that contains the link. A message with a malicious link may also contain a compromised phone number.

Can I recover from aย ransomwareย attack?

Possibly, but it will not be a pleasant process. Your best chance of recovery isย a restoreย from a backup, and you will lose the records of transactions that occurred since the last iteration of your backup process. As explained above, paying the ransom may or may not produce a working decryption key. Attackers inexperienced in encryption and decryption have provided decryption keys which failed to release the files back to the owner. Prevention is going to serve you much better than hoping for a recovery, so take the necessary steps now to reduce the likelihood of infection.

Further reading

ICS Specializes In Managed IT Services, Business Telephones, Video Conferencing & More.

Book your initial consultation with ICS using the form below.

ICS will never sell, rent, share or distribute your personal details with anyone. In addition, we will never spam you.

60-Day Risk-Free Trial

Get Started 60‑Day, Risk‑Free Trial

We offer managed IT services for large to small organizations at a flat-rate monthly fee. You can get started now with a 60-day, risk-free trial. If youโ€™re not 100% satisfied with our services, youโ€™re able to cancel your contract โ€“ no questions asked. ICS works hard to earn the trust of each and every business we work alongside.

Give Us A Try