We asked Exmos CEO, Gordon Coulter, to discuss the scourge of ransomware, its origins, its implications for your business, the steps you can take to minimise the threat and how you can recover from it when it happens. The odds are it will.
I encountered my first computer virus in 1986 in an article about the discovery of the first virus for PCs running MS-DOS, called Brain (https://en.m.wikipedia.org/wiki/Brain_(computer_virus)). According to the article, the two brothers who authored the virus were stunned about how far across the world it managed to spread. I suspect they weren't the only ones to be this surprised, but I doubt if anyone ever imagined it would lead us to where we are today. We used to be amazed at the rate that new viruses were arriving - first when the count reached 10, then 20 and it continued to grow.
Fast forward to today, August 2016, and it’s quite a different story. The exact numbers are unknown, but all the anti-virus companies and researchers throw out numbers that are similar in size. When I say 40 million viruses, you are most likely stunned, but what's even more appalling is that this is the number of new viruses spotted just in Q4 2015 (according to McAfee). Take that in for a second - 40 million new viruses over a three-month period. McAfee are now reporting close to half a billion known viruses.
What’s even more shocking is that in Q1 2014, that number was just over 200 million. So in the space of just two years, it's more than doubled. It's worth taking a moment to ponder these numbers and consider the potential impact of a malware or ransomware attack on your business.
Ransomware is a strain of malware (malicious software) that encrypts files on your computer or server, alters the file extensions (from jpg, doc, xls, etc.) and then demands a payment to unlock them.
Your employees don’t need to be doing anything untoward to fall victim to it. It's planted in a raft of perfectly normal and legitimate websites. They just need to be unlucky enough to be on that site and for your system not to be protected well enough to avoid catching it.
There are several 'strains', including Cryptolocker, Cryptowall and Locky.
The sophistication of malware continues to grow to the point it sometimes beggars belief. In the beginning, it was often about pranks, then we went through a phase of malicious destruction of data. Now it's mainly about theft of data, or holding data to ransom.
This is the new face of organised crime.
They're not just one-offs either. If you get hit once, there's every chance you'll get hit again, and even if you do pay up there's no guarantee that the same malware won't still be sitting in your network with the potential to reinfect your system at any time.
Sadly, we now live in an age where just having anti-virus software is no longer sufficient protection. You really need to have a blend of products running to have a decent chance of avoiding infection. The downside is that each new product costs money and the majority of companies are unwilling to make the spend because they don’t believe the issue is bad enough.
When you get it, you won’t know about it immediately, and if your anti-virus software doesn't manage to detect an infection, it can run for several hours before someone questions the strangely altered file names in a directory they just happened to have opened. Depending on how quickly that question gets to your IT people, how quickly they react and how quickly they detect the source of the infection, you can be facing a huge recovery exercise. We've seen several hundred thousand files being rendered useless by a Cryptolocker-style infection in a matter of minutes.
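The mass extension changes described above can be flagged from file-server rename events instead of waiting for someone to open an affected directory. The following is an added example, not part of the original article: the event tuples, account names, share paths and the `.xyz` extension are constructed, and the 60-second window and threshold of 5 are illustrative assumptions.

```python
from collections import deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# File types the article names as having their extensions altered.
WATCHED = {".jpg", ".doc", ".xls"}

def sample_events():
    """Constructed (time, account, old_path, new_path) rename events."""
    t0 = datetime(2016, 8, 1, 9, 0, 0)
    events = [
        # Ordinary activity: same extension kept, then a single conversion.
        (t0 - timedelta(hours=1), "alice", r"S:\hr\plan.doc", r"S:\hr\plan_v2.doc"),
        (t0 - timedelta(minutes=5), "alice", r"S:\hr\logo.jpg", r"S:\hr\logo.png"),
    ]
    # Burst: six watched files gain a constructed ".xyz" extension in 10 s.
    for i, name in enumerate(["a.doc", "b.xls", "c.jpg", "d.doc", "e.xls", "f.jpg"]):
        path = "S:\\finance\\" + name
        events.append((t0 + timedelta(seconds=2 * i), "bob", path, path + ".xyz"))
    return events

def rename_bursts(events, window=timedelta(seconds=60), threshold=5):
    """Alert once per account that changes the extension of `threshold`
    or more watched files within `window`. Returns (account, time, count)."""
    recent = {}        # account -> timestamps of recent extension changes
    alerted = set()
    alerts = []
    for ts, account, old, new in sorted(events):
        old_ext = PureWindowsPath(old).suffix.lower()
        new_ext = PureWindowsPath(new).suffix.lower()
        if old_ext not in WATCHED or new_ext == old_ext:
            continue   # not a watched type, or extension unchanged
        times = recent.setdefault(account, deque())
        times.append(ts)
        while ts - times[0] > window:   # drop events older than the window
            times.popleft()
        if len(times) >= threshold and account not in alerted:
            alerted.add(account)
            alerts.append((account, ts, len(times)))
    return alerts

if __name__ == "__main__":
    for account, ts, count in rename_bursts(sample_events()):
        print(f"{ts} ALERT {account}: {count} extension changes inside the window")
```

The check does not depend on knowing the new extension in advance, so it still fires on a variant that anti-virus signatures miss; the window and threshold need tuning against legitimate bulk renames on the share being monitored.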
No. Preventative measures help keep the threat to a minimum. You need to invest in a combination of products such as anti-virus, web and email security for prevention to be effective.
But there are no guarantees that something new won't manage to squeeze through. New malware is being deployed at a ridiculous rate and it's becoming increasingly difficult to block.
An informed workforce is a great line of defence.
Educate them - make sure they know what a Cryptolocker infection looks like on their screens and warn them about unsolicited emails with attachments.
Create a culture of Internet wariness and, above all, let them know they can jump up and yell if they see it.
When prevention fails and your network has been infected, you can't afford to be left sitting with no options.
You absolutely, beyond any doubt, need to invest in a cure. That comes in the form of a robust backup and disaster recovery product and process.
Make sure you are never in a position where you have to close permanently and go home. If you depend on your data to run your business, don’t allow someone to be able to take it away from you.
It may sound far-fetched, but so many businesses end up paying the ransom and even the FBI state it’s the sensible choice. If you find yourself in that worst-case scenario of having to pay, you'd better pray that the criminals who released that particular variant of the malware are still around to accept your money. There's no guarantee they will be…
Visit our Business Continuity, Backup and Disaster Recovery webpage and contact us to see how we can help you secure your business, your customer's business and your future.