Ransom in the Streets
All we need are backups, sweet backups
One of the major IT security issues of the last five years is the dreaded and feared ransomware, which can result in loss of data, income and possibly the entire business.
These problems are unlikely to be eliminated or reduced unless you follow proper computer/network security procedures, which I’ll outline in this article.
A Hard-learned Lesson
It’s never pleasant to have to do it, but we dropped a client a few years ago because they refused to upgrade past Windows XP, would not follow basic IT security hygiene and were not diligent by any means about their data backups. A couple of years later I heard from a former employee at that company and he said that they had gotten hit by some variant of the infamous CryptoLocker ransomware. One of the non-technical general staff had likely either clicked on a malicious link in an email or gone to a website that was infected.
This happened on a Friday afternoon and the employee noticed the PC was running slow and had that giant red warning on the screen but just decided to turn off the monitor and deal with it on Monday. The ransomware ran ALL weekend, hitting every network share to which she had access.
They got a little lucky in this case because there were relatively recent backups but it did cost them a day or two of downtime.
Don’t let this nightmare happen to you.
I’m going to ask some hard questions here that you seriously need to consider as a business owner or an employee. Take some time to imagine these scenarios:
1. What is the cost to your business for being completely shut down for an hour, day or week?
2. What would happen if you literally lost ALL of your data permanently because of lack of security and backups?
3. What would your clients and customers think if you were unable to help them for an extended period of time?
These answers can easily mean the difference between business survival and closure. This is NOT overstating the importance of protection from ransomware and standard computer/network security practices.
How to Deal with the Ransomware Hackers
It comes down to ONE thing. Don’t pay them! If you follow the guidelines in the next section you will likely be okay. With any particular widespread ransomware infection, the attackers have a vested interest in unlocking your computer after some kind of payment so others will also pay them. Payment was typically by Western Union in the past but has now moved to Bitcoin and various other cryptocurrencies. There is still no guarantee that they will do anything to help you after payment.
Also remember that if you are in the United States, the Secret Service will help you. There are certain parameters that you need to meet in terms of the size and scope of the damage. That subject is entirely out of the scope of this article but you can find good and knowledgeable people here (https://www.secretservice.gov/investigation/). The Electronic Crimes Task Force (ECTF) is staffed by very nice and talented professionals. Hopefully you won’t need their assistance.
I’m outlining the three most important things you can do below, and drilling them into your head three times:
Update, Update, Update
I cannot stress this enough. Update everything with the latest patches every month. We typically recommend waiting a few days after the software release to find out if anyone else experiences show-stopping problems. This repeatedly happened with Windows 10 in 2018.
Update your workstations, servers, third-party software on all PCs and network/firewall firmware. The latter is forgotten incredibly frequently and is critical for securing your network. Do not forget Java, Flash and Acrobat – these are very common attack vectors.
Training, Training, Training
The usual path to computer and network compromise is through your employees. This is not their fault – the bad guys are particularly crafty and it’s easy for even an experienced IT professional to get duped once in a while.
The critical thing is to provide scheduled basic training in detecting spoofed emails and anything that looks suspicious. Always remember, if the ‘offer’ is too good to be true you’re likely about to be compromised.
The best approach is to send out monthly or quarterly reminder emails reinforcing basic computer security rules and include a link to a short 2-5 minute video that is easy to digest.
Backup, Backup, Backup
This is the MOST critical thing you can do. As long as you have a reliable backup system you can recover from nearly anything and ensure your business survival. I usually describe it as ‘cheap insurance’ which is absolutely true.
Of course, there are different types of backup:
- File level – the data will be safe but if ransomware, hardware failure or a natural disaster hits the servers you’re looking at quite a while to reinstall everything again.
- Snapshots – I love this because snapshots are complete images of the server, taken periodically and stored locally. There is still danger, however, because the storage devices are usually hard drives so you can’t take them offsite.
- Cloud backup – This gives you the added security of having an offsite backup automatically every few hours. The restore time can be quite slow though and if you need to pull it from the cloud you’re likely dealing with theft, water or fire damage.
- Hybrid/Combo – This is the best solution and the only one we recommend to clients. You have snapshot copies on a local hardware device that are also replicated to the cloud. With the worst-case scenario of a complete server failure, you can boot the server snapshot as a virtual machine on the backup device and everyone is back in business until the server can be replaced. If everything really goes badly you can set up remote users to connect to the cloud snapshot image and they will be able to work from any location as if the office was still intact. Again, CHEAP INSURANCE.
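One way to check that the hybrid scheme described above is actually in place, as an added example that is not the author's tooling: the script below audits a backup inventory and reports any server that lacks a recent local snapshot or a recent cloud replica. The inventory format, host names and age thresholds are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample inventory (not from any real backup product): one record
# per stored copy, with the host it protects, where it lives and when it was taken.
SAMPLE_INVENTORY = [
    {"host": "fileserver", "location": "local", "taken": "2024-03-04T06:00"},
    {"host": "fileserver", "location": "cloud", "taken": "2024-03-04T06:00"},
    {"host": "sqlserver",  "location": "local", "taken": "2024-03-04T05:00"},
    {"host": "sqlserver",  "location": "cloud", "taken": "2024-03-01T05:00"},
    {"host": "dc01",       "location": "local", "taken": "2024-03-04T06:00"},
    {"host": "legacy-xp",  "location": "local", "taken": "2024-01-15T02:00"},
]

def audit_hybrid_backups(inventory, hosts, now,
                         max_local_age=timedelta(hours=4),
                         max_cloud_age=timedelta(hours=24)):
    """Return {host: [problems]} for hosts that fail the hybrid policy.

    The thresholds are assumptions; set them from how much data the
    business can afford to lose."""
    limits = {"local": max_local_age, "cloud": max_cloud_age}
    newest = {}  # (host, location) -> time of the most recent copy
    for rec in inventory:
        key = (rec["host"], rec["location"])
        taken = datetime.fromisoformat(rec["taken"])
        if key not in newest or taken > newest[key]:
            newest[key] = taken
    findings = {}
    for host in hosts:  # iterate the asset list so unprotected hosts show up too
        problems = []
        for location, limit in limits.items():
            latest = newest.get((host, location))
            if latest is None:
                problems.append(f"no {location} copy")
            elif now - latest > limit:
                problems.append(f"{location} copy is stale ({latest:%Y-%m-%d %H:%M})")
        if problems:
            findings[host] = problems
    return findings

if __name__ == "__main__":
    now = datetime(2024, 3, 4, 8, 0)  # fixed time so the sample output is stable
    hosts = ["fileserver", "sqlserver", "dc01", "legacy-xp", "mailserver"]
    for host, problems in audit_hybrid_backups(SAMPLE_INVENTORY, hosts, now).items():
        print(f"{host}: {'; '.join(problems)}")
```

Driving the audit from the list of servers rather than from the inventory is what catches a machine that was never added to the backup job at all.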
Just One More Thing: Hire Someone to Manage Security for You
There’ll Be Data Safety Across the Nation
That’s right, you’ve finally reached the shameless plug for our security offerings.
It’s very easy to neglect security when you’re dealing with running a business or handling the typical tasks at your job. It takes constant vigilance and that’s where we can help you.
We’ve developed a 40+ point checklist that involves automated monitoring and a manual periodic review of all the recommended security and backup best practices. We’ll be happy to do a free network assessment and provide a quote/roadmap to CONTINUALLY improve security and data backups in an economical manner and prevent damage from new threats as they develop.
Let’s talk right now about what we can do to help your business.
David Gullett, CISSP