I’ve written about ransomware before. It’s nothing new. But it is devastating when it happens, and through personal experience as well as reports from the FBI, it’s happening more and more every day.
In fact it’s happened 4 times in the last 2 months to my clients! It’s kind of like watching CNN every day and hearing about all the murders and bombings in the world. But when it happens to someone you know, everything is different. This really can happen to you and your business! I’m going to share with you the scary reality of this and what you can do to lessen the chances of getting hit by one.
What is ransomware?
It’s malware for data kidnapping, an exploit in which the attacker encrypts the victim’s data and demands payment for the decryption key. Ransomware spreads through e-mail attachments, infected programs and compromised websites.
Personal experience from someone who has dealt with it!
It always starts with the same question… How could this have happened to us? Nearly all data breaches come, in one form or another, from insiders. Data breaches can originate with a disgruntled employee or one seeking a material gain. But for the most part, they are the result of inadequate management of data access permissions compounded by innocent mistakes committed by insiders, such as clicking on an e-mail with a malware attachment. Long gone are the days when even an experienced, IT professional can see the that an email message has something wrong with it. Sure, there are some that are obvious. But there are many that are infected where you don’t stand a chance of recognizing it.
When it happens, you know immediately. Almost all of your files and folders are gone. You will see a few of them remaining that have long, unintelligible names – nothing that makes any sense. In almost all cases you will see a popup or a link that takes you to a screen like the one above, with a ticking timer. You should immediately shut down the computer and every other computer or server on your network. Then call for help ASAP. Taking action right away is critical.
In most cases the best way to deal with this is to find where the infection started, and then to methodically restore from backups. I don’t recommend paying the ransom unless your backups are incomplete and you have lost valuable information that can’t be practically replaced.
Two weeks ago that’s what happened with a client and for the first time ever, I recommended paying the ransom. The infection corrupted their backups and the backups of the backups weren’t current enough.
Paying the ransom!
Knowing full well that we might pay the ransom and still not get our data back, we didn’t have much choice. The countdown timer said we only has 42 hours left to pay. The ransom can only be paid with bitcoin currency. There are lots of places on the internet where you can set up a bitcoin account – most of them are scams or chances to get more infections. Once you find a legitimate one, it can take between 4 and 7 days to set it up – not what you want to find out when your timer runs out before then. So the timer ran out. Then it started up again. The ransom was then double – about $1,500 and we had a few more days to pay it.
While waiting for the bitcoin account to get funded, we identified a service that claimed to be able unencrypt our data for about $3,000. This company was BBB accredited and was right here in the U.S. We sent them a sample file and they were able to bring it back. So 3 days later and $3,000 poorer we got our files back. My consultant who set up the bitcoin account is now dealing with identity theft problems, all because he was trying to help a client.
Ransomware is rampant and don’t be surprised if you or someone you know gets hit by it. Take an immediate hard look at your backup strategy and improve it. Make sure you have antivirus software running on every computer. Look into using the free anti-ransomware software made by Malwarebytes. And most of all, if you get hit, don’t wait. Don’t keep using your computers. Call for help right away!