Ransomware gets its name from what happens once the encryption is active: there is usually a text file or note in the directory setting out a process for paying a ransom in exchange for the file needed to decrypt the computer or network. It has happened to other people in the industry, and it could happen to you unless you take adequate steps to protect yourself.
According to the ACCC’s Annual Small Business in Focus Report (2016), the watchdog received over 7,600 enquiries and complaints from small businesses about Ransomware in the first half of 2016. It is estimated that businesses lost more than $1.6 million in that 6-month period.
Adam Woods of The Professionals, Mudgee, learned first-hand the impact that Ransomware can have when it infiltrated their business.
“We thought we had backups in place but they were linked to the system and so they were encrypted too. In the end, it could have been avoided by putting some systems in place and a small investment in hardware, about $600, that could have prevented it.”
In the end, the price was much higher for Woods. “When our business was targeted, we actually paid a ransom of approximately $4,000 and then had to fight the hackers to actually provide us a decryption file. We had our IT guys essentially move in for a week but while they tried to restore everything, our office was essentially offline for a week. A simple fix in the end but a hard way to learn a lesson.”
So, like Woods, even if we think we are protected – in reality, we may be exposed and not even realise. A study by the Ponemon Institute showed that 56% of companies were not ready to fight off a Ransomware attack and only 38% had a strategy to deal with destructive software.
Nathan Francis from Elevate Solutions, an IT service provider servicing many real estate clients in Queensland, explains that Ransomware is becoming not only more common but also increasingly tricky to identify as the developers become more sophisticated.
“It comes into the business usually via an email or website, guest computer connected to the network, or even a USB,” says Francis. “It can appear as a .PDF, .DOC file or it could be a zip file. One of the most common ways is a delivery through an email that looks like a routine business email, ‘You have a delivery’ or ‘Missed invoice’.”
Those behind these apps have mastered the art of normalising the point of entry so it looks as routine as possible. This makes Ransomware very difficult to detect and even the most diligent of users can be fooled.
Ransomware works essentially through encrypting everything on your computer and the networks it is connected to, so that you cannot access any of your files without the decryption key.
Francis explains, “As soon as the user opens the file, the virus starts running in the background. The way you find out it has happened is that you go to open a document and it says it has been encrypted. By that stage, it has encrypted everything on the computer or the network. It can be debilitating for a small business”.
“We recommend that you don’t go down the road of paying a ransom for a couple of reasons,” says Francis. “Firstly, it is hard to know exactly what the funds are being applied to but it is safe to assume that most of us would probably have ethical concerns about the business activities that these groups or individuals are involved in. Also, from a practical standpoint, the prospects of actually receiving the decryption tool are very slim and there is no avenue for recourse.”
“Depending on how you pay you can also open yourself up to have your bank accounts infiltrated and it just opens up a world of hurt.”
So, what should you do if you do succumb to Ransomware?
“We have encountered multiple clients who have been affected by Ransomware and depending on the backup solution of that particular client, the road back to restoration ranges from being fairly simple to complex, depending on what backup strategy is in place.”
It seems that the best approach is to be proactive, and a backup strategy that contemplates Ransomware is critical.
“I tend to frame cyber-security in the same way that we think about insurance. Just as we have home, business, or car insurance, there are things we need to do to ensure that the risk we carry in the digital aspect of our businesses is managed and minimised,” says Francis.
When you are evaluating the cost of applying a proactive data security strategy, you need to weigh that against the costs involved if your business is taken offline for a period of time, the data that could be lost, or the time it would take to regain and re-enter your data after an attack.
Francis and his team have seen the extreme impact this can have. “We looked after a property management company in Queensland six years ago who had a system failure, similar to the impact of a ransom attack – and they ended up having to close the business. There was no data, and so no business. They reviewed the process of re-establishing things and it was more feasible to walk away.”
Nathan’s tips for cyber-security
1. Get professional advice about your backup system
It doesn’t matter what other proactive measures you have in place, your backup strategy is the highest priority. If the backup strategy you have in place isn’t designed for a Ransomware type of attack, it can be that the backup system itself is vulnerable or could even be a part of the encryption. We always recommend working with your IT provider to ensure that there is a strategy or design in place for backup that is secured against these types of attacks.
2. Don’t rely on anti-virus software
Anti-virus software is important but has its limits. Anti-virus software can’t always keep up with the threat or the rate at which these encryption viruses are being developed.
3. Invest in gateway protection
The internet connection into your office can be secured against these types of attacks. What gateway protection does is monitor traffic coming into your network and identify incoming threats. A threat is then detected before it gets to the computer, meaning that there is guardianship in place that doesn’t depend on a user manually identifying the risk. This is particularly useful as the disguise of the threats is becoming more cunning.