Ransomware: What Businesses Need to Know
If you don’t want to pay a king’s ransom for data you already own — data that you have lost access to because of a ransomware attack or other type of hacker intrusion — you’re not alone.
With the flurry of news stories swirling around raising new questions about what these threats really are, how they spread, what can be done to avoid being infected, and what Dropsuite specifically provides that help businesses never lose data again, we sat down with Adrian Loke, Director of Product at Dropsuite, to ask him a few questions about ransomware.
Can you explain what Ransomware is?
Ransomware is a form of malware deployed on a user’s computer or a company’s network that blocks access to data (content files, emails, databases) until a ransom is paid to the hacker.
How does ransomware spread? Two main entry points.
(1) Email: A recipient receives an email and is asked to download a file or click on a hyperlink. The email request tends to sound believable and often the real senders identity is masked, making the email appear as if it’s being sent by a colleague or a known contact. Clicking on the link or downloading the file activates the ransomware.
(2) System vulnerability: A malicious network packet is sent to the vulnerable system, from either the local network (internally) or from the internet (externally).
What exactly happens in ransomware infected computer systems?
Ransomware will target a set of file types and start encrypting them with a specific code. This code is only known to the ransomware creator. A ransom email is then sent to the infected business user asking them to pay up. If the ransom is paid, the decryption code is released to the business user so that the infected files can be unlocked. If the ransomware is not paid, the files may remain locked forever.
How did WannaCry happen?
From what I’ve read, WannaCry happened because many business organizations and consumers did not patch certain versions of their Microsoft Windows operating system with the provided patch that Microsoft released when it became public knowledge that the NSA (US National Security Agency) discovered this vulnerability. For large companies, this could have happened due to complacency or negligence but for SMBs and consumers, ignorance and the general lack of knowledge or time to install the patch were the likely culprits.
What can be done to avoid being affected?
The reality is, people make mistakes in judgement all the time and even the most powerful anti-virus software is not foolproof — and that’s how data breaches like this keep happening. Here is some basic advice:
(1) Ensure all your software is up-to-date including your operating system (e.g. Windows).
(2) Deploy anti-virus software and make sure it is also up-to-date,
(3) Backup and encrypt your data, such as cloud backup in an offsite data center,
(4) Be vigilant and educate/train your staff about how ransomware spreads to help mitigate user error as the point of entry.
How can Dropsuite help businesses protect their data?
Because new varieties of malware in general and, in this case, ransomware are continuously created by hackers, deploying a good backup and recovery solution is the most dependable form of defense. Dropsuite offers automated and secure backup solutions for some of businesses most critical data, such as website files and databases, server data and email. The data is saved and encrypted in the cloud (separate and secure offsite location) and businesses can recover their data quickly in the event they ever need to.