Ransomware: Be Afraid. Be Very Afraid.
If you want to strike fear into the hearts of small business owners and IT managers, you need only whisper one word: Cryptolocker.
Cryptolocker, CryptoWall, and other ransomware in the same family can wreak havoc on a small business, encrypting sensitive data from financials to personnel files. Not only does this grind productivity to a halt, but it also creates headaches for IT, who must scramble to immediately disconnect the infected computers from the network, scrub them and check the remaining computers for signs of compromise.
Ransomware is a ticking time bomb. Small business owners and individuals who are infected are typically given 72 hours to fork over payment, often in the form of untraceable bitcoin, before hackers delete the encryption key—basically dooming your files to be lost forever. Even when users cough up the cash, some cyber criminals still refuse to unlock the data. Others have been known to double down on the ransom demand. If that weren’t hair-raising enough, once a machine becomes infected, Cryptolocker can find and infect files within shared network drives, USB drives, external hard drives, and even cloud storage drives.
Despite a law enforcement crack-down in 2014, Cryptolocker, CryptoWall and other ransomware are on the rise. According to Intel Security, the fourth quarter of 2014 saw 250,000 new ransomware samples, up 155% from the previous quarter. Between April 2014 and June 2015, businesses and individuals reported ransomware-related losses totaling more than $18 million.
So what can companies do to mitigate the damage?
Tips for MSPs Who Have Been Hit with Cryptolocker
Use system restore points (VSSADMIN) to recover original copies of the files.
Windows keeps older copies of files in Volume Shadow Copies, the same mechanism behind System Restore points. The authors of more advanced ransomware know this and delete the shadow copies once encryption is complete, but that step sometimes fails. It's always worth a look.
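The first thing to establish is whether any shadow copy from before the infection still exists. As an added example (not Malwarebytes' code), the script below parses the text that `vssadmin list shadows` prints, keeps only the copies created before a given time, and maps a file path on the original drive to the same file inside a shadow copy device so it can be copied out. The sample output is constructed to resemble real vssadmin output; the set IDs, volume GUID and hostname are placeholders. Reading from a `\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN\` path only works on Windows from an elevated prompt.

```python
import ntpath
import re
import shutil
from datetime import datetime

# Constructed sample of `vssadmin list shadows` output (not captured from a real host).
# All GUIDs and the machine name are placeholders.
SAMPLE_VSSADMIN_OUTPUT = r"""vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2013 Microsoft Corp.

Contents of shadow copy set ID: {11111111-1111-1111-1111-111111111111}
   Contained 1 shadow copies at creation time: 6/1/2015 2:00:11 AM
      Shadow Copy ID: {22222222-2222-2222-2222-222222222222}
         Original Volume: (C:)\\?\Volume{33333333-3333-3333-3333-333333333333}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3
         Originating Machine: fileserver.example.local
         Service Machine: fileserver.example.local
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: ClientAccessible
         Attributes: Persistent, Client-accessible, No auto release, Differential

Contents of shadow copy set ID: {44444444-4444-4444-4444-444444444444}
   Contained 1 shadow copies at creation time: 6/3/2015 2:00:09 AM
      Shadow Copy ID: {55555555-5555-5555-5555-555555555555}
         Original Volume: (C:)\\?\Volume{33333333-3333-3333-3333-333333333333}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5
         Originating Machine: fileserver.example.local
         Service Machine: fileserver.example.local
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: ClientAccessible
         Attributes: Persistent, Client-accessible, No auto release, Differential
"""


def parse_vss_time(text):
    """vssadmin prints US-style timestamps such as '6/1/2015 2:00:11 AM'."""
    return datetime.strptime(text.strip(), "%m/%d/%Y %I:%M:%S %p")


def parse_shadow_copies(text):
    """Return shadow copies as dicts (drive, created, device), oldest first."""
    copies, created, drive = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.search(r"creation time: (.+)$", line)
        if m:
            created = parse_vss_time(m.group(1))
            continue
        m = re.match(r"Original Volume: \((\w:)\)", line)
        if m:
            drive = m.group(1)
            continue
        m = re.match(r"Shadow Copy Volume: (\S+)", line)
        if m and created and drive:
            copies.append({"drive": drive, "created": created, "device": m.group(1)})
    return sorted(copies, key=lambda c: c["created"])


def candidates_before(copies, infection_time):
    """Copies taken before the infection, newest first: the ones that can hold clean files."""
    return sorted((c for c in copies if c["created"] < infection_time),
                  key=lambda c: c["created"], reverse=True)


def shadow_path(copy, original_path):
    """Map C:\\Users\\... to the same file inside the shadow copy device."""
    drive, rest = ntpath.splitdrive(original_path)   # ntpath works on any OS
    if drive.upper() != copy["drive"].upper():
        raise ValueError(f"{original_path} is not on volume {copy['drive']}")
    return copy["device"] + "\\" + rest.lstrip("\\/")


def recover_file(copy, original_path, destination):
    """Copy the pre-infection version out of the shadow copy (Windows, elevated only)."""
    shutil.copy2(shadow_path(copy, original_path), destination)
    return destination


if __name__ == "__main__":
    import subprocess
    import sys
    if sys.platform == "win32":
        text = subprocess.run(["vssadmin", "list", "shadows"],
                              capture_output=True, text=True).stdout
    else:
        text = SAMPLE_VSSADMIN_OUTPUT
    for c in candidates_before(parse_shadow_copies(text), datetime.now()):
        print(c["created"], c["drive"], c["device"])
```

Always copy recovered files to a clean destination rather than back onto the still-infected volume, and check the creation time against the first ransom note or the earliest renamed file: a shadow copy taken after encryption started contains the encrypted versions.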
Look online for decryption software that may have been released for the ransomware variant you have.
Of course, if the ransomware authors are seasoned, a working decryptor may not exist. And if they are determined, they may respond to free decryption tools by fixing the weakness in their code that the tool relies on.
Perform file data recovery.
This more down-and-dirty method uses specific applications, such as Recuva, R-Studio, iCare, or PhotoRec, to read the hard drive at the sector level and pull out old versions of deleted or overwritten files. The reason this option is "dirty" is that you will likely only recover 50 to 75 percent of your files, and even those can be corrupt. This method also will not work unless the ransomware deletes the good file or overwrites the file with a certain flag. In addition, most ransomware will actually zero out the hard drive (fill up the hard drive's free space with empty bytes) in order to prevent the possibility of recovering a deleted file.
Rely on your backups.
If you haven't already, implement a detailed, advanced backup system. A rotating daily backup with versioning can squash nearly any ransomware attack.
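What "versioning" buys you is that an encrypted file written today never replaces yesterday's clean copy. The script below is an added example, not Malwarebytes' code or a real backup product: each run copies a share into a new timestamped snapshot directory with a SHA-256 manifest, prunes snapshots beyond a retention count, and `changed_files` compares two manifests so a sudden mass change between runs stands out. The `demo` function builds a constructed scenario in a temporary directory (a small share, a simulated overwrite of two files, four nightly runs) and returns what each step found.

```python
import hashlib
import shutil
import tempfile
from datetime import datetime
from pathlib import Path


def file_digest(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(source, repo, when, keep=7):
    """Full copy of `source` into repo/<timestamp>/, then keep only the `keep` newest snapshots.
    Every snapshot is independent, so later (possibly encrypted) runs never touch earlier ones."""
    dest = repo / when.strftime("%Y%m%d-%H%M%S")
    shutil.copytree(source, dest)
    manifest = {p.relative_to(dest).as_posix(): file_digest(p)
                for p in dest.rglob("*") if p.is_file()}
    (dest / ".manifest").write_text(
        "\n".join(f"{digest} {name}" for name, digest in sorted(manifest.items())))
    snaps = sorted(p for p in repo.iterdir() if p.is_dir())   # names sort by date
    for old in snaps[:-keep]:
        shutil.rmtree(old)
    return dest


def read_manifest(snap):
    out = {}
    for line in (snap / ".manifest").read_text().splitlines():
        digest, name = line.split(" ", 1)
        out[name] = digest
    return out


def changed_files(older, newer):
    """Files whose content differs between two snapshots; a large list overnight is a red flag."""
    a, b = read_manifest(older), read_manifest(newer)
    return sorted(name for name in a if b.get(name) != a[name])


def restore(snap, relpath, target):
    """Copy one file out of a clean snapshot to a clean target location."""
    target.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(snap / relpath, target)
    return target


def demo():
    """Constructed scenario: clean backup, simulated encryption, detection, restore, rotation."""
    work = Path(tempfile.mkdtemp())
    src, repo = work / "shared", work / "backups"
    repo.mkdir()
    (src / "finance").mkdir(parents=True)
    originals = {"finance/q2.xlsx": b"quarterly numbers",
                 "finance/payroll.csv": b"name,salary",
                 "readme.txt": b"hello"}
    for name, data in originals.items():
        (src / name).write_bytes(data)
    day1 = snapshot(src, repo, datetime(2015, 6, 1, 2, 0), keep=3)
    # Simulated infection: two files replaced with junk bytes, names unchanged.
    for name in ("finance/q2.xlsx", "finance/payroll.csv"):
        (src / name).write_bytes(hashlib.sha256(name.encode()).digest())
    day2 = snapshot(src, repo, datetime(2015, 6, 2, 2, 0), keep=3)
    changed = changed_files(day1, day2)
    restored = restore(day1, "finance/q2.xlsx", work / "restore" / "q2.xlsx")
    recovered_ok = restored.read_bytes() == originals["finance/q2.xlsx"]
    # Two more nightly runs: with keep=3 the clean day1 snapshot is rotated out.
    snapshot(src, repo, datetime(2015, 6, 3, 2, 0), keep=3)
    snapshot(src, repo, datetime(2015, 6, 4, 2, 0), keep=3)
    remaining = sorted(p.name for p in repo.iterdir() if p.is_dir())
    shutil.rmtree(work)
    return {"changed": changed, "recovered_ok": recovered_ok,
            "snapshots_after_rotation": len(remaining), "oldest_remaining": remaining[0]}


if __name__ == "__main__":
    print(demo())
```

The rotation step is the caveat worth noticing: if nobody reads the changed-files report, a short retention window will age the last clean snapshot out within days, which is why the 72-hour ransom clock matters. Keep the backup repository somewhere the infected machine cannot write to; the page notes that Cryptolocker encrypts files on any mapped share, USB or cloud drive it can reach, and a snapshot directory on such a drive would be encrypted with everything else.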
While small businesses can keep data intact and avoid paying ransom fees by regularly backing up files, that doesn’t necessarily mitigate additional costs incurred from legal fees, credit-monitoring services for employees or customers, or IT services. The best way for companies to protect themselves is by installing a strong cyber security program, such as Malwarebytes Endpoint Security, that includes both anti-malware and anti-exploit technology, which prevents ransomware attacks in the first place.
If you back up your files regularly, install a good endpoint security program, and keep a look-out for new anti-ransomware technology coming down the pike, you can stave off powerful ransomware attacks and save your business precious time and money responding to them.