What is Ransomware and What Can You Do to Protect Your Company’s Data?

Posted by Eric O. Schueler, Senior V.P. of Information Technology The risk of ransomware to computer security has increased recently. What is ransomware and how can you stop it? What is Ransomware and What Can You Do to Protect Your Company’s Data? In the movies, you might…

Posted by Eric O. Schueler, Senior V.P. of Information Technology

The risk of ransomware to computer security has increased recently. What is ransomware and how can you stop it?


What is Ransomware and What Can You Do to Protect Your Company’s Data?

In the movies, you might see a kidnapper demand ransom for returning a captive. When it comes to computers, ransomware employs the same idea. Just like a kidnapper demands ransom for returning a person, ransomware demands money for “stealing” and encrypting files from your computer.

What is Ransomware?

Ransomware is a type of malware that takes files from a PC or network and encrypts them. Then it extorts money to unlock the files. This kind of malware is on the rise. According to Symantec, ransomware generates an estimated $5 million annually.

Recent ransomware is usually from one of the following malware programs: CryptoLocker, CryptoDefense CryptoWall, TeslaCrypt, and Locky. Ransomware gets on your computer or network through harmless-looking files that you may download from email or other sources.

What Type of Files Carry Ransomware?

Programs and files that are normally safe and undamaging can contain ransomware. Many ordinary programs from Excel files to PDF’s can contain ransomware. Recently however, the top programs to carry ransomware include:

  • Zip files (.zip)
  • Word documents which can contain macros commands (.doc)
  • Javascript files (.exe or.js)

Ransomware can also hide in a shortcut. These shortcuts include an icon that appears to go to one program but, in fact, is disguised and leads to another program.

How Does an Attack Work?

When the ransomware malware program is activated, it first retrieves information on your machine such as the IP address, operating system details and geographical location. Then it sends encryption keys to start encrypting files, starting with local files, then files on removable drives and then any accessible places on the network. This is why, if you discover an attack and your programs and files are not working or disappearing, you should immediately shut down the infected computers. The attack can take hours or even days. Then ransom notes will start appearing in every folder that has encrypted files. The desktop will also have a ransom note file, and the desktop background may change to a picture of the ransom note. Often the ransomware program will then delete itself so computer security companies can’t get a hold of it and analyze it. The ransom note will demand that you pay x amount of money to receive a special key to unencrypt the files. Unfortunately, because the keys are unique, to unencrypt the files, you do need the key. Luckily there are ways to prevent attacks.

How Do I Stop Ransomware?

Since ransomware hides in ordinary programs and files it’s difficult to detect. Here are some precautions you should take:

Computer Security

  1. Do not open unsolicited emails, especially email attachments.
  2. Don’t enable macros on documents you receive by email.
  3. Enable the ability to view file extensions so you can better identify the file type without relying on a thumbnail.
  4. Back up computer files regularly and store offsite. Even if a file gets locked or encrypted you can restore a previous version when you back up.
  5. Patch often because popular programs with security bugs are frequently used for ransomware.
  6. Open Javascript files in notepad to examine content and avoid running malicious programs.
  7. Install Microsoft Office viewers to see what documents look like before opening in Excel and Word.
  8. If you do not already have an email and spam filtering program in place, get one.
  9. Install programs that prevent ransomware.

Programs that Combat Ransomware

There are some programs that are designed to combat ransomware. Two such programs by Sophos and StorageCraft can help keep your files secure.

  • Sophos has programs that protect against ransomware and other malware by increasing computer security. In September, Sophos launched Intercept X, a next generation security endpoint product with an advanced anti-ransomware feature that can detect previously unknown ransomware within seconds. To learn more about Intercept X or to get a free trial click here.
  • StorageCraft provides cloud backup solutions which can be one of the best ways to combat ransomware. StorageCraft data centers are extremely secure and store your data offsite. Should your computer or network download ransomware, you would have a previous version of the file saved and stored in an unaffected offsite drive. You would be able to restore the backup version of the file and won’t have to pay hundreds or even thousands of dollars the ransomware requires to unencrypt it. Click here to learn about StorageCraft Shadow Protect for backup and disaster recovery.

HRCT can help you get started with these programs for better network and computer security. Call now and talk to our VP of Information Technology, Eric Schueler. Eric can put together a network and computer security plan customized for your business, and help you choose which programs will benefit your business. 757-399-3350

Posted by Eric O. Schueler, A+, MCP, MCSE, MCTS, CSSA, ACSP – Senior V.P. of Information Technology at HRCT. Eric has been in the business of providing IT and consulting for small and medium business for more than 15 years.

Hampton Roads Communication Technologies (HRCT) provides quality business telecommunications solutions, like Office 365, computer and IT support and managed service agreements to companies and organizations throughout the United States, Mid-Atlantic and the Hampton Roads Virginia cities of Virginia Beach, Chesapeake, Norfolk, Portsmouth, Suffolk, Newport News and Hampton, north into Williamsburg and south into the Outer Banks of North Carolina. HRCT keeps your company connected with 24/7 emergency service.

Call today. (757) 399-3350

Sources: community.sophos.com, www.storagecraft.com, nakedsecurity.sophos.com, .sophos.com

Images courtesy of FreeDigitalPhotos.net by Stuart Miles (ransomware) and hywards (computer security)